]> Git Repo - qemu.git/blame - hw/scsi/scsi-disk.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
block/qdev: Allow configuring rerror/werror with qdev properties
[qemu.git] / hw / scsi / scsi-disk.c
CommitLineData
2e5d83bb
PB		 1/*
2 * SCSI Device emulation
3 *
4 * Copyright (c) 2006 CodeSourcery.
5 * Based on code by Fabrice Bellard
6 *
7 * Written by Paul Brook
ad3cea42
AT		 8 * Modifications:
9 * 2009-Dec-12 Artyom Tarasenko : implemented stamdard inquiry for the case
10 * when the allocation length of CDB is smaller
11 * than 36.
12 * 2009-Oct-13 Artyom Tarasenko : implemented the block descriptor in the
13 * MODE SENSE response.
2e5d83bb 14 *
8e31bf38 15 * This code is licensed under the LGPL.
a917d384
PB		 16 *
17 * Note that this file only handles the SCSI architecture model and device
1d4db89c
AZ		 18 * commands. Emulation of interface/link layer protocols is handled by
19 * the host adapter emulator.
2e5d83bb
PB		 20 */
21
22//#define DEBUG_SCSI
23
24#ifdef DEBUG_SCSI
001faf32
BS		 25#define DPRINTF(fmt, ...) \
26do { printf("scsi-disk: " fmt , ## __VA_ARGS__); } while (0)
2e5d83bb 27#else
001faf32 28#define DPRINTF(fmt, ...) do {} while(0)
2e5d83bb
PB		 29#endif
30
a4ab4792 31#include "qemu/osdep.h"
da34e65c 32#include "qapi/error.h"
1de7afc9 33#include "qemu/error-report.h"
0d09e41a
PB		 34#include "hw/scsi/scsi.h"
35#include "block/scsi.h"
9c17d615 36#include "sysemu/sysemu.h"
4be74634 37#include "sysemu/block-backend.h"
9c17d615 38#include "sysemu/blockdev.h"
0d09e41a 39#include "hw/block/block.h"
9c17d615 40#include "sysemu/dma.h"
f348b6d1 41#include "qemu/cutils.h"
22864256 42
336a6915
PB		 43#ifdef __linux
44#include <scsi/sg.h>
45#endif
46
84f94a9a 47#define SCSI_WRITE_SAME_MAX 524288
215e47b9
PB		 48#define SCSI_DMA_BUF_SIZE 131072
49#define SCSI_MAX_INQUIRY_LEN 256
50#define SCSI_MAX_MODE_LEN 256
51
52#define DEFAULT_DISCARD_GRANULARITY 4096
8a1bd297 53#define DEFAULT_MAX_UNMAP_SIZE (1 << 30) /* 1 GB */
f8e1f533 54#define DEFAULT_MAX_IO_SIZE INT_MAX /* 2 GB - 1 block */
a917d384 55
993935f3
PB		 56#define TYPE_SCSI_DISK_BASE "scsi-disk-base"
57
fcaafb10
PB		 58#define SCSI_DISK_BASE(obj) \
59 OBJECT_CHECK(SCSIDiskState, (obj), TYPE_SCSI_DISK_BASE)
60#define SCSI_DISK_BASE_CLASS(klass) \
61 OBJECT_CLASS_CHECK(SCSIDiskClass, (klass), TYPE_SCSI_DISK_BASE)
62#define SCSI_DISK_BASE_GET_CLASS(obj) \
63 OBJECT_GET_CLASS(SCSIDiskClass, (obj), TYPE_SCSI_DISK_BASE)
64
65typedef struct SCSIDiskClass {
66 SCSIDeviceClass parent_class;
67 DMAIOFunc *dma_readv;
68 DMAIOFunc *dma_writev;
94f8ba11 69 bool (*need_fua_emulation)(SCSICommand *cmd);
fcaafb10 70} SCSIDiskClass;
d52affa7 71
4c41d2ef
GH		 72typedef struct SCSIDiskReq {
73 SCSIRequest req;
a917d384 74 /* Both sector and sector_count are in terms of qemu 512 byte blocks. */
e035b43d
AL		 75 uint64_t sector;
76 uint32_t sector_count;
7285477a 77 uint32_t buflen;
a0e66a69 78 bool started;
94f8ba11 79 bool need_fua_emulation;
c87c0672
AL		 80 struct iovec iov;
81 QEMUIOVector qiov;
a597e79c 82 BlockAcctCookie acct;
8fdc7839 83 unsigned char *status;
4c41d2ef 84} SCSIDiskReq;
a917d384 85
18e673b8
PH		 86#define SCSI_DISK_F_REMOVABLE 0
87#define SCSI_DISK_F_DPOFUA 1
88#define SCSI_DISK_F_NO_REMOVABLE_DEVOPS 2
bfe3d7ac 89
fcaafb10 90typedef struct SCSIDiskState
a917d384 91{
d52affa7 92 SCSIDevice qdev;
bfe3d7ac 93 uint32_t features;
8a9c16f6 94 bool media_changed;
3c2f7c12 95 bool media_event;
4480de19 96 bool eject_request;
64cc2284 97 uint16_t port_index;
8a1bd297 98 uint64_t max_unmap_size;
f8e1f533 99 uint64_t max_io_size;
213189ab 100 QEMUBH *bh;
383b4d9b 101 char *version;
a0fef654 102 char *serial;
353815aa
DF		 103 char *vendor;
104 char *product;
ece0d5e9 105 bool tray_open;
81b1008d 106 bool tray_locked;
fcaafb10 107} SCSIDiskState;
2e5d83bb 108
d7628080 109static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
5dba48a8 110
ad2d30f7 111static void scsi_free_request(SCSIRequest *req)
4d611c9a 112{
ad2d30f7
PB		 113 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
114
db4c34c3 115 qemu_vfree(r->iov.iov_base);
4d611c9a
PB		 116}
117
b45ef674
PB		 118/* Helper function for command completion with sense. */
119static void scsi_check_condition(SCSIDiskReq *r, SCSISense sense)
ed3a34a3 120{
02fa69b6
BS		 121 DPRINTF("Command complete tag=0x%x sense=%d/%d/%d\n",
122 r->req.tag, sense.key, sense.asc, sense.ascq);
b45ef674
PB		 123 scsi_req_build_sense(&r->req, sense);
124 scsi_req_complete(&r->req, CHECK_CONDITION);
4d611c9a
PB		 125}
126
03c90063 127static void scsi_init_iovec(SCSIDiskReq *r, size_t size)
103b40f5 128{
7285477a
PB		 129 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
130
131 if (!r->iov.iov_base) {
43b978b9 132 r->buflen = size;
4be74634 133 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
7285477a
PB		 134 }
135 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
103b40f5 136 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
103b40f5
PB		 137}
138
43b978b9
PB		 139static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
140{
141 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
142
143 qemu_put_be64s(f, &r->sector);
144 qemu_put_be32s(f, &r->sector_count);
145 qemu_put_be32s(f, &r->buflen);
18eef3bc
GH		 146 if (r->buflen) {
147 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
148 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
149 } else if (!req->retry) {
150 uint32_t len = r->iov.iov_len;
151 qemu_put_be32s(f, &len);
152 qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
153 }
43b978b9
PB		 154 }
155}
156
157static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
158{
159 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
160
161 qemu_get_be64s(f, &r->sector);
162 qemu_get_be32s(f, &r->sector_count);
163 qemu_get_be32s(f, &r->buflen);
164 if (r->buflen) {
165 scsi_init_iovec(r, r->buflen);
166 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
167 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
18eef3bc
GH		 168 } else if (!r->req.retry) {
169 uint32_t len;
170 qemu_get_be32s(f, &len);
171 r->iov.iov_len = len;
172 assert(r->iov.iov_len <= r->buflen);
173 qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
43b978b9
PB		 174 }
175 }
176
177 qemu_iovec_init_external(&r->qiov, &r->iov, 1);
178}
179
5b956f41
PB		 180static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
181{
182 if (r->req.io_canceled) {
183 scsi_req_cancel_complete(&r->req);
184 return true;
185 }
186
187 if (ret < 0) {
188 return scsi_handle_rw_error(r, -ret, acct_failed);
189 }
190
8fdc7839
PB		 191 if (r->status && *r->status) {
192 if (acct_failed) {
193 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
194 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
195 }
196 scsi_req_complete(&r->req, *r->status);
197 return true;
198 }
199
5b956f41
PB		 200 return false;
201}
202
c1b35247 203static void scsi_aio_complete(void *opaque, int ret)
5d0d2467
PB		 204{
205 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
206 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
207
46e3f30e
PB		 208 assert(r->req.aiocb != NULL);
209 r->req.aiocb = NULL;
5b956f41 210 if (scsi_disk_req_check_error(r, ret, true)) {
0c92e0e6
PB		 211 goto done;
212 }
5d0d2467 213
d7628080 214 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
5d0d2467
PB		 215 scsi_req_complete(&r->req, GOOD);
216
217done:
3df9caf8 218 scsi_req_unref(&r->req);
5d0d2467
PB		 219}
220
7e8c49c5
PB		 221static bool scsi_is_cmd_fua(SCSICommand *cmd)
222{
223 switch (cmd->buf[0]) {
224 case READ_10:
225 case READ_12:
226 case READ_16:
227 case WRITE_10:
228 case WRITE_12:
229 case WRITE_16:
230 return (cmd->buf[1] & 8) != 0;
231
7f64f8e2
PB		 232 case VERIFY_10:
233 case VERIFY_12:
234 case VERIFY_16:
7e8c49c5
PB		 235 case WRITE_VERIFY_10:
236 case WRITE_VERIFY_12:
237 case WRITE_VERIFY_16:
238 return true;
239
240 case READ_6:
241 case WRITE_6:
242 default:
243 return false;
244 }
245}
246
247static void scsi_write_do_fua(SCSIDiskReq *r)
248{
249 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
250
5fd2b563 251 assert(r->req.aiocb == NULL);
5b956f41 252 assert(!r->req.io_canceled);
0c92e0e6 253
94f8ba11 254 if (r->need_fua_emulation) {
4be74634 255 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 256 BLOCK_ACCT_FLUSH);
4be74634 257 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
7e8c49c5
PB		 258 return;
259 }
260
261 scsi_req_complete(&r->req, GOOD);
3df9caf8 262 scsi_req_unref(&r->req);
7e8c49c5
PB		 263}
264
5fd2b563 265static void scsi_dma_complete_noio(SCSIDiskReq *r, int ret)
a917d384 266{
5fd2b563 267 assert(r->req.aiocb == NULL);
5b956f41 268 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 269 goto done;
270 }
a597e79c 271
b77912a7
PB		 272 r->sector += r->sector_count;
273 r->sector_count = 0;
7e8c49c5
PB		 274 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
275 scsi_write_do_fua(r);
276 return;
277 } else {
278 scsi_req_complete(&r->req, GOOD);
279 }
c7bae6a7
PB		 280
281done:
3df9caf8 282 scsi_req_unref(&r->req);
4d611c9a
PB		 283}
284
ef8489d4
PB		 285static void scsi_dma_complete(void *opaque, int ret)
286{
287 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
5fd2b563 288 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ef8489d4
PB		 289
290 assert(r->req.aiocb != NULL);
5fd2b563
PB		 291 r->req.aiocb = NULL;
292
d7628080
AG		 293 if (ret < 0) {
294 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
295 } else {
296 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
297 }
5fd2b563 298 scsi_dma_complete_noio(r, ret);
ef8489d4
PB		 299}
300
b77912a7 301static void scsi_read_complete(void * opaque, int ret)
0a4ac106
PB		 302{
303 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
304 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
b77912a7 305 int n;
0a4ac106 306
46e3f30e
PB		 307 assert(r->req.aiocb != NULL);
308 r->req.aiocb = NULL;
5b956f41 309 if (scsi_disk_req_check_error(r, ret, true)) {
0c92e0e6
PB		 310 goto done;
311 }
0a4ac106 312
d7628080 313 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
b77912a7
PB		 314 DPRINTF("Data ready tag=0x%x len=%zd\n", r->req.tag, r->qiov.size);
315
316 n = r->qiov.size / 512;
317 r->sector += n;
318 r->sector_count -= n;
319 scsi_req_data(&r->req, r->qiov.size);
c7bae6a7
PB		 320
321done:
3df9caf8 322 scsi_req_unref(&r->req);
0a4ac106 323}
5dba48a8 324
ac668426 325/* Actually issue a read to the block device. */
5fd2b563 326static void scsi_do_read(SCSIDiskReq *r, int ret)
ac668426 327{
ac668426 328 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
fcaafb10 329 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
ac668426 330
5fd2b563 331 assert (r->req.aiocb == NULL);
5b956f41 332 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 333 goto done;
334 }
ac668426 335
31e8fd86
PB		 336 /* The request is used as the AIO opaque value, so add a ref. */
337 scsi_req_ref(&r->req);
338
ac668426 339 if (r->req.sg) {
4be74634 340 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_READ);
ac668426 341 r->req.resid -= r->req.sg->size;
fcaafb10
PB		 342 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
343 r->req.sg, r->sector << BDRV_SECTOR_BITS,
344 sdc->dma_readv, r, scsi_dma_complete, r,
345 DMA_DIRECTION_FROM_DEVICE);
ac668426 346 } else {
03c90063 347 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
4be74634 348 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
03c90063 349 r->qiov.size, BLOCK_ACCT_READ);
890e48d7 350 r->req.aiocb = sdc->dma_readv(r->sector << BDRV_SECTOR_BITS, &r->qiov,
fcaafb10 351 scsi_read_complete, r, r);
ac668426
PB		 352 }
353
354done:
3df9caf8 355 scsi_req_unref(&r->req);
ac668426
PB		 356}
357
5fd2b563
PB		 358static void scsi_do_read_cb(void *opaque, int ret)
359{
360 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
361 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
362
363 assert (r->req.aiocb != NULL);
364 r->req.aiocb = NULL;
365
d7628080
AG		 366 if (ret < 0) {
367 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
368 } else {
369 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
370 }
5fd2b563
PB		 371 scsi_do_read(opaque, ret);
372}
373
5c6c0e51
HR		 374/* Read more data from scsi device into buffer. */
375static void scsi_read_data(SCSIRequest *req)
2e5d83bb 376{
5c6c0e51 377 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
5dba48a8 378 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ac668426 379 bool first;
2e5d83bb 380
a917d384
PB		 381 DPRINTF("Read sector_count=%d\n", r->sector_count);
382 if (r->sector_count == 0) {
b45ef674
PB		 383 /* This also clears the sense buffer for REQUEST SENSE. */
384 scsi_req_complete(&r->req, GOOD);
a917d384 385 return;
2e5d83bb
PB		 386 }
387
6fa2c95f
SH		 388 /* No data transfer may already be in progress */
389 assert(r->req.aiocb == NULL);
390
c7bae6a7
PB		 391 /* The request is used as the AIO opaque value, so add a ref. */
392 scsi_req_ref(&r->req);
efb9ee02
HR		 393 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
394 DPRINTF("Data transfer direction invalid\n");
395 scsi_read_complete(r, -EINVAL);
396 return;
397 }
398
a1aff5bf
MA		 399 if (s->tray_open) {
400 scsi_read_complete(r, -ENOMEDIUM);
c7bae6a7 401 return;
a1aff5bf 402 }
c7bae6a7 403
ac668426 404 first = !r->started;
a0e66a69 405 r->started = true;
94f8ba11 406 if (first && r->need_fua_emulation) {
4be74634 407 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 408 BLOCK_ACCT_FLUSH);
5fd2b563 409 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_do_read_cb, r);
5d0d2467 410 } else {
ac668426 411 scsi_do_read(r, 0);
5d0d2467 412 }
2e5d83bb
PB		 413}
414
c7bae6a7
PB		 415/*
416 * scsi_handle_rw_error has two return values. 0 means that the error
417 * must be ignored, 1 means that the error has been processed and the
418 * caller should not do anything else for this request. Note that
419 * scsi_handle_rw_error always manages its reference counts, independent
420 * of the return value.
421 */
d7628080 422static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
5dba48a8 423{
c85a7a00 424 bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
4c41d2ef 425 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
4be74634
MA		 426 BlockErrorAction action = blk_get_error_action(s->qdev.conf.blk,
427 is_read, error);
ea8a5d7f 428
a589569f 429 if (action == BLOCK_ERROR_ACTION_REPORT) {
d7628080
AG		 430 if (acct_failed) {
431 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
432 }
efb9ee02 433 switch (error) {
7e218df5
PB		 434 case ENOMEDIUM:
435 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
436 break;
efb9ee02 437 case ENOMEM:
b45ef674 438 scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
efb9ee02
HR		 439 break;
440 case EINVAL:
b45ef674 441 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
efb9ee02 442 break;
703dd81a
PB		 443 case ENOSPC:
444 scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
445 break;
efb9ee02 446 default:
b45ef674 447 scsi_check_condition(r, SENSE_CODE(IO_ERROR));
efb9ee02 448 break;
a1f0cce2 449 }
ea8a5d7f 450 }
4be74634 451 blk_error_action(s->qdev.conf.blk, action, is_read, error);
a589569f 452 if (action == BLOCK_ERROR_ACTION_STOP) {
3e1caa5f
PB		 453 scsi_req_retry(&r->req);
454 }
a589569f 455 return action != BLOCK_ERROR_ACTION_IGNORE;
ea8a5d7f
AL		 456}
457
5fd2b563 458static void scsi_write_complete_noio(SCSIDiskReq *r, int ret)
4d611c9a 459{
ea8a5d7f
AL		 460 uint32_t n;
461
5fd2b563 462 assert (r->req.aiocb == NULL);
5b956f41 463 if (scsi_disk_req_check_error(r, ret, false)) {
0c92e0e6
PB		 464 goto done;
465 }
a597e79c 466
103b40f5 467 n = r->qiov.size / 512;
ea8a5d7f
AL		 468 r->sector += n;
469 r->sector_count -= n;
a917d384 470 if (r->sector_count == 0) {
7e8c49c5
PB		 471 scsi_write_do_fua(r);
472 return;
a917d384 473 } else {
43b978b9 474 scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
79fb50bb 475 DPRINTF("Write complete tag=0x%x more=%zd\n", r->req.tag, r->qiov.size);
103b40f5 476 scsi_req_data(&r->req, r->qiov.size);
4d611c9a 477 }
c7bae6a7
PB		 478
479done:
3df9caf8 480 scsi_req_unref(&r->req);
4d611c9a
PB		 481}
482
5fd2b563
PB		 483static void scsi_write_complete(void * opaque, int ret)
484{
485 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
486 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
487
488 assert (r->req.aiocb != NULL);
489 r->req.aiocb = NULL;
490
d7628080
AG		 491 if (ret < 0) {
492 block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
493 } else {
494 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
495 }
5fd2b563
PB		 496 scsi_write_complete_noio(r, ret);
497}
498
42741212 499static void scsi_write_data(SCSIRequest *req)
ea8a5d7f 500{
5c6c0e51 501 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
4c41d2ef 502 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
fcaafb10 503 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
ea8a5d7f 504
6fa2c95f
SH		 505 /* No data transfer may already be in progress */
506 assert(r->req.aiocb == NULL);
507
c7bae6a7
PB		 508 /* The request is used as the AIO opaque value, so add a ref. */
509 scsi_req_ref(&r->req);
efb9ee02
HR		 510 if (r->req.cmd.mode != SCSI_XFER_TO_DEV) {
511 DPRINTF("Data transfer direction invalid\n");
5fd2b563 512 scsi_write_complete_noio(r, -EINVAL);
42741212 513 return;
efb9ee02
HR		 514 }
515
5d0d2467
PB		 516 if (!r->req.sg && !r->qiov.size) {
517 /* Called for the first time. Ask the driver to send us more data. */
a0e66a69 518 r->started = true;
5fd2b563 519 scsi_write_complete_noio(r, 0);
5d0d2467
PB		 520 return;
521 }
522 if (s->tray_open) {
5fd2b563 523 scsi_write_complete_noio(r, -ENOMEDIUM);
5d0d2467
PB		 524 return;
525 }
526
7f64f8e2
PB		 527 if (r->req.cmd.buf[0] == VERIFY_10 || r->req.cmd.buf[0] == VERIFY_12 ||
528 r->req.cmd.buf[0] == VERIFY_16) {
529 if (r->req.sg) {
ef8489d4 530 scsi_dma_complete_noio(r, 0);
7f64f8e2 531 } else {
5fd2b563 532 scsi_write_complete_noio(r, 0);
7f64f8e2
PB		 533 }
534 return;
535 }
536
5d0d2467 537 if (r->req.sg) {
4be74634 538 dma_acct_start(s->qdev.conf.blk, &r->acct, r->req.sg, BLOCK_ACCT_WRITE);
5d0d2467 539 r->req.resid -= r->req.sg->size;
fcaafb10
PB		 540 r->req.aiocb = dma_blk_io(blk_get_aio_context(s->qdev.conf.blk),
541 r->req.sg, r->sector << BDRV_SECTOR_BITS,
542 sdc->dma_writev, r, scsi_dma_complete, r,
543 DMA_DIRECTION_TO_DEVICE);
5d0d2467 544 } else {
4be74634 545 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
03c90063 546 r->qiov.size, BLOCK_ACCT_WRITE);
fcaafb10
PB		 547 r->req.aiocb = sdc->dma_writev(r->sector << BDRV_SECTOR_BITS, &r->qiov,
548 scsi_write_complete, r, r);
ea8a5d7f 549 }
a917d384 550}
2e5d83bb 551
a917d384 552/* Return a pointer to the data buffer. */
5c6c0e51 553static uint8_t *scsi_get_buf(SCSIRequest *req)
a917d384 554{
5c6c0e51 555 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2e5d83bb 556
3f4cb3d3 557 return (uint8_t *)r->iov.iov_base;
2e5d83bb
PB		 558}
559
0b06c059
GH		 560static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf)
561{
383b4d9b 562 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
0b06c059 563 int buflen = 0;
82579390 564 int start;
0b06c059 565
0b06c059
GH		 566 if (req->cmd.buf[1] & 0x1) {
567 /* Vital product data */
568 uint8_t page_code = req->cmd.buf[2];
0b06c059 569
e39be482 570 outbuf[buflen++] = s->qdev.type & 0x1f;
0b06c059
GH		 571 outbuf[buflen++] = page_code ; // this page
572 outbuf[buflen++] = 0x00;
82579390
PB		 573 outbuf[buflen++] = 0x00;
574 start = buflen;
0b06c059
GH		 575
576 switch (page_code) {
577 case 0x00: /* Supported page codes, mandatory */
39d98982 578 {
0b06c059
GH		 579 DPRINTF("Inquiry EVPD[Supported pages] "
580 "buffer size %zd\n", req->cmd.xfer);
0b06c059 581 outbuf[buflen++] = 0x00; // list of supported pages (this page)
f01b5931 582 if (s->serial) {
3e1c0c9a 583 outbuf[buflen++] = 0x80; // unit serial number
f01b5931 584 }
0b06c059 585 outbuf[buflen++] = 0x83; // device identification
f37bd73b 586 if (s->qdev.type == TYPE_DISK) {
ea3bd56f
CH		 587 outbuf[buflen++] = 0xb0; // block limits
588 outbuf[buflen++] = 0xb2; // thin provisioning
39d98982 589 }
0b06c059 590 break;
39d98982 591 }
0b06c059
GH		 592 case 0x80: /* Device serial number, optional */
593 {
3e1c0c9a 594 int l;
0b06c059 595
3e1c0c9a
HR		 596 if (!s->serial) {
597 DPRINTF("Inquiry (EVPD[Serial number] not supported\n");
598 return -1;
599 }
600
601 l = strlen(s->serial);
f01b5931 602 if (l > 20) {
0b06c059 603 l = 20;
f01b5931 604 }
0b06c059
GH		 605
606 DPRINTF("Inquiry EVPD[Serial number] "
607 "buffer size %zd\n", req->cmd.xfer);
a0fef654 608 memcpy(outbuf+buflen, s->serial, l);
0b06c059
GH		 609 buflen += l;
610 break;
611 }
612
613 case 0x83: /* Device identification page, mandatory */
614 {
4be74634 615 const char *str = s->serial ?: blk_name(s->qdev.conf.blk);
fd930791
PB		 616 int max_len = s->serial ? 20 : 255 - 8;
617 int id_len = strlen(str);
0b06c059 618
f01b5931 619 if (id_len > max_len) {
0b06c059 620 id_len = max_len;
f01b5931 621 }
0b06c059
GH		 622 DPRINTF("Inquiry EVPD[Device identification] "
623 "buffer size %zd\n", req->cmd.xfer);
624
0b06c059
GH		 625 outbuf[buflen++] = 0x2; // ASCII
626 outbuf[buflen++] = 0; // not officially assigned
627 outbuf[buflen++] = 0; // reserved
628 outbuf[buflen++] = id_len; // length of data following
fd930791 629 memcpy(outbuf+buflen, str, id_len);
0b06c059 630 buflen += id_len;
27395add 631
2ecab408 632 if (s->qdev.wwn) {
27395add
PB		 633 outbuf[buflen++] = 0x1; // Binary
634 outbuf[buflen++] = 0x3; // NAA
635 outbuf[buflen++] = 0; // reserved
636 outbuf[buflen++] = 8;
2ecab408 637 stq_be_p(&outbuf[buflen], s->qdev.wwn);
27395add
PB		 638 buflen += 8;
639 }
64cc2284 640
2ecab408 641 if (s->qdev.port_wwn) {
64cc2284
RD		 642 outbuf[buflen++] = 0x61; // SAS / Binary
643 outbuf[buflen++] = 0x93; // PIV / Target port / NAA
644 outbuf[buflen++] = 0; // reserved
645 outbuf[buflen++] = 8;
2ecab408 646 stq_be_p(&outbuf[buflen], s->qdev.port_wwn);
64cc2284
RD		 647 buflen += 8;
648 }
649
650 if (s->port_index) {
651 outbuf[buflen++] = 0x61; // SAS / Binary
652 outbuf[buflen++] = 0x94; // PIV / Target port / relative target port
653 outbuf[buflen++] = 0; // reserved
654 outbuf[buflen++] = 4;
655 stw_be_p(&outbuf[buflen + 2], s->port_index);
656 buflen += 4;
657 }
0b06c059
GH		 658 break;
659 }
ea3bd56f 660 case 0xb0: /* block limits */
ee3659e3 661 {
ea3bd56f
CH		 662 unsigned int unmap_sectors =
663 s->qdev.conf.discard_granularity / s->qdev.blocksize;
8cfacf07
CH		 664 unsigned int min_io_size =
665 s->qdev.conf.min_io_size / s->qdev.blocksize;
666 unsigned int opt_io_size =
667 s->qdev.conf.opt_io_size / s->qdev.blocksize;
8a1bd297
PB		 668 unsigned int max_unmap_sectors =
669 s->max_unmap_size / s->qdev.blocksize;
f8e1f533
PB		 670 unsigned int max_io_sectors =
671 s->max_io_size / s->qdev.blocksize;
ee3659e3 672
f37bd73b 673 if (s->qdev.type == TYPE_ROM) {
39d98982
HR		 674 DPRINTF("Inquiry (EVPD[%02X] not supported for CDROM\n",
675 page_code);
676 return -1;
677 }
ee3659e3 678 /* required VPD size with unmap support */
82579390 679 buflen = 0x40;
ee3659e3
CH		 680 memset(outbuf + 4, 0, buflen - 4);
681
84f94a9a
PB		 682 outbuf[4] = 0x1; /* wsnz */
683
ee3659e3
CH		 684 /* optimal transfer length granularity */
685 outbuf[6] = (min_io_size >> 8) & 0xff;
686 outbuf[7] = min_io_size & 0xff;
687
f8e1f533
PB		 688 /* maximum transfer length */
689 outbuf[8] = (max_io_sectors >> 24) & 0xff;
690 outbuf[9] = (max_io_sectors >> 16) & 0xff;
691 outbuf[10] = (max_io_sectors >> 8) & 0xff;
692 outbuf[11] = max_io_sectors & 0xff;
693
ee3659e3
CH		 694 /* optimal transfer length */
695 outbuf[12] = (opt_io_size >> 24) & 0xff;
696 outbuf[13] = (opt_io_size >> 16) & 0xff;
697 outbuf[14] = (opt_io_size >> 8) & 0xff;
698 outbuf[15] = opt_io_size & 0xff;
ea3bd56f 699
8a1bd297
PB		 700 /* max unmap LBA count, default is 1GB */
701 outbuf[20] = (max_unmap_sectors >> 24) & 0xff;
702 outbuf[21] = (max_unmap_sectors >> 16) & 0xff;
703 outbuf[22] = (max_unmap_sectors >> 8) & 0xff;
704 outbuf[23] = max_unmap_sectors & 0xff;
705
706 /* max unmap descriptors, 255 fit in 4 kb with an 8-byte header. */
707 outbuf[24] = 0;
708 outbuf[25] = 0;
709 outbuf[26] = 0;
710 outbuf[27] = 255;
711
ea3bd56f
CH		 712 /* optimal unmap granularity */
713 outbuf[28] = (unmap_sectors >> 24) & 0xff;
714 outbuf[29] = (unmap_sectors >> 16) & 0xff;
715 outbuf[30] = (unmap_sectors >> 8) & 0xff;
716 outbuf[31] = unmap_sectors & 0xff;
f8e1f533
PB		 717
718 /* max write same size */
719 outbuf[36] = 0;
720 outbuf[37] = 0;
721 outbuf[38] = 0;
722 outbuf[39] = 0;
723
724 outbuf[40] = (max_io_sectors >> 24) & 0xff;
725 outbuf[41] = (max_io_sectors >> 16) & 0xff;
726 outbuf[42] = (max_io_sectors >> 8) & 0xff;
727 outbuf[43] = max_io_sectors & 0xff;
ea3bd56f
CH		 728 break;
729 }
730 case 0xb2: /* thin provisioning */
731 {
82579390 732 buflen = 8;
ea3bd56f 733 outbuf[4] = 0;
5222aaf2 734 outbuf[5] = 0xe0; /* unmap & write_same 10/16 all supported */
f644a290 735 outbuf[6] = s->qdev.conf.discard_granularity ? 2 : 1;
ea3bd56f 736 outbuf[7] = 0;
ee3659e3
CH		 737 break;
738 }
0b06c059 739 default:
0b06c059
GH		 740 return -1;
741 }
742 /* done with EVPD */
82579390
PB		 743 assert(buflen - start <= 255);
744 outbuf[start - 1] = buflen - start;
0b06c059
GH		 745 return buflen;
746 }
747
748 /* Standard INQUIRY data */
749 if (req->cmd.buf[2] != 0) {
0b06c059
GH		 750 return -1;
751 }
752
753 /* PAGE CODE == 0 */
0b06c059 754 buflen = req->cmd.xfer;
f01b5931 755 if (buflen > SCSI_MAX_INQUIRY_LEN) {
0b06c059 756 buflen = SCSI_MAX_INQUIRY_LEN;
f01b5931 757 }
0b06c059 758
f37bd73b 759 outbuf[0] = s->qdev.type & 0x1f;
bfe3d7ac 760 outbuf[1] = (s->features & (1 << SCSI_DISK_F_REMOVABLE)) ? 0x80 : 0;
353815aa
DF		 761
762 strpadcpy((char *) &outbuf[16], 16, s->product, ' ');
763 strpadcpy((char *) &outbuf[8], 8, s->vendor, ' ');
764
314b1811 765 memset(&outbuf[32], 0, 4);
552fee93 766 memcpy(&outbuf[32], s->version, MIN(4, strlen(s->version)));
99aba0c4
CH		 767 /*
768 * We claim conformance to SPC-3, which is required for guests
769 * to ask for modern features like READ CAPACITY(16) or the
770 * block characteristics VPD page by default. Not all of SPC-3
771 * is actually implemented, but we're good enough.
772 */
ee3659e3 773 outbuf[2] = 5;
1109c894 774 outbuf[3] = 2 | 0x10; /* Format 2, HiSup */
ad3cea42
AT		 775
776 if (buflen > 36) {
777 outbuf[4] = buflen - 5; /* Additional Length = (Len - 1) - 4 */
778 } else {
779 /* If the allocation length of CDB is too small,
780 the additional length is not adjusted */
781 outbuf[4] = 36 - 5;
782 }
783
0b06c059 784 /* Sync data transfer and TCQ. */
afd4030c 785 outbuf[7] = 0x10 | (req->bus->info->tcq ? 0x02 : 0);
0b06c059
GH		 786 return buflen;
787}
788
430ee2f2
PB		 789static inline bool media_is_dvd(SCSIDiskState *s)
790{
791 uint64_t nb_sectors;
792 if (s->qdev.type != TYPE_ROM) {
793 return false;
794 }
4be74634 795 if (!blk_is_inserted(s->qdev.conf.blk)) {
430ee2f2
PB		 796 return false;
797 }
7d99f4c1
MR		 798 if (s->tray_open) {
799 return false;
800 }
4be74634 801 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
430ee2f2
PB		 802 return nb_sectors > CD_MAX_SECTORS;
803}
804
ceb792ef
PB		 805static inline bool media_is_cd(SCSIDiskState *s)
806{
807 uint64_t nb_sectors;
808 if (s->qdev.type != TYPE_ROM) {
809 return false;
810 }
4be74634 811 if (!blk_is_inserted(s->qdev.conf.blk)) {
ceb792ef
PB		 812 return false;
813 }
7d99f4c1
MR		 814 if (s->tray_open) {
815 return false;
816 }
4be74634 817 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
ceb792ef
PB		 818 return nb_sectors <= CD_MAX_SECTORS;
819}
820
1a4f0c3a
PB		 821static int scsi_read_disc_information(SCSIDiskState *s, SCSIDiskReq *r,
822 uint8_t *outbuf)
823{
824 uint8_t type = r->req.cmd.buf[1] & 7;
825
826 if (s->qdev.type != TYPE_ROM) {
827 return -1;
828 }
829
830 /* Types 1/2 are only defined for Blu-Ray. */
831 if (type != 0) {
832 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
833 return -1;
834 }
835
836 memset(outbuf, 0, 34);
837 outbuf[1] = 32;
838 outbuf[2] = 0xe; /* last session complete, disc finalized */
839 outbuf[3] = 1; /* first track on disc */
840 outbuf[4] = 1; /* # of sessions */
841 outbuf[5] = 1; /* first track of last session */
842 outbuf[6] = 1; /* last track of last session */
843 outbuf[7] = 0x20; /* unrestricted use */
844 outbuf[8] = 0x00; /* CD-ROM or DVD-ROM */
845 /* 9-10-11: most significant byte corresponding bytes 4-5-6 */
846 /* 12-23: not meaningful for CD-ROM or DVD-ROM */
847 /* 24-31: disc bar code */
848 /* 32: disc application code */
849 /* 33: number of OPC tables */
850
851 return 34;
852}
853
b6c251ab
PB		 854static int scsi_read_dvd_structure(SCSIDiskState *s, SCSIDiskReq *r,
855 uint8_t *outbuf)
856{
ceb792ef
PB		 857 static const int rds_caps_size[5] = {
858 [0] = 2048 + 4,
859 [1] = 4 + 4,
860 [3] = 188 + 4,
861 [4] = 2048 + 4,
862 };
863
864 uint8_t media = r->req.cmd.buf[1];
865 uint8_t layer = r->req.cmd.buf[6];
866 uint8_t format = r->req.cmd.buf[7];
867 int size = -1;
868
869 if (s->qdev.type != TYPE_ROM) {
870 return -1;
871 }
872 if (media != 0) {
873 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
874 return -1;
875 }
876
877 if (format != 0xff) {
4be74634 878 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
ceb792ef
PB		 879 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
880 return -1;
881 }
882 if (media_is_cd(s)) {
883 scsi_check_condition(r, SENSE_CODE(INCOMPATIBLE_FORMAT));
884 return -1;
885 }
886 if (format >= ARRAY_SIZE(rds_caps_size)) {
887 return -1;
888 }
889 size = rds_caps_size[format];
890 memset(outbuf, 0, size);
891 }
892
893 switch (format) {
894 case 0x00: {
895 /* Physical format information */
896 uint64_t nb_sectors;
897 if (layer != 0) {
898 goto fail;
899 }
4be74634 900 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
ceb792ef
PB		 901
902 outbuf[4] = 1; /* DVD-ROM, part version 1 */
903 outbuf[5] = 0xf; /* 120mm disc, minimum rate unspecified */
904 outbuf[6] = 1; /* one layer, read-only (per MMC-2 spec) */
905 outbuf[7] = 0; /* default densities */
906
907 stl_be_p(&outbuf[12], (nb_sectors >> 2) - 1); /* end sector */
908 stl_be_p(&outbuf[16], (nb_sectors >> 2) - 1); /* l0 end sector */
909 break;
910 }
911
912 case 0x01: /* DVD copyright information, all zeros */
913 break;
914
915 case 0x03: /* BCA information - invalid field for no BCA info */
916 return -1;
917
918 case 0x04: /* DVD disc manufacturing information, all zeros */
919 break;
920
921 case 0xff: { /* List capabilities */
922 int i;
923 size = 4;
924 for (i = 0; i < ARRAY_SIZE(rds_caps_size); i++) {
925 if (!rds_caps_size[i]) {
926 continue;
927 }
928 outbuf[size] = i;
929 outbuf[size + 1] = 0x40; /* Not writable, readable */
930 stw_be_p(&outbuf[size + 2], rds_caps_size[i]);
931 size += 4;
932 }
933 break;
934 }
935
936 default:
937 return -1;
938 }
939
940 /* Size of buffer, not including 2 byte size field */
941 stw_be_p(outbuf, size - 2);
942 return size;
943
944fail:
b6c251ab
PB		 945 return -1;
946}
947
3c2f7c12 948static int scsi_event_status_media(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 949{
3c2f7c12
PB		 950 uint8_t event_code, media_status;
951
952 media_status = 0;
953 if (s->tray_open) {
954 media_status = MS_TRAY_OPEN;
4be74634 955 } else if (blk_is_inserted(s->qdev.conf.blk)) {
3c2f7c12
PB		 956 media_status = MS_MEDIA_PRESENT;
957 }
958
959 /* Event notification descriptor */
960 event_code = MEC_NO_CHANGE;
4480de19
PB		 961 if (media_status != MS_TRAY_OPEN) {
962 if (s->media_event) {
963 event_code = MEC_NEW_MEDIA;
964 s->media_event = false;
965 } else if (s->eject_request) {
966 event_code = MEC_EJECT_REQUESTED;
967 s->eject_request = false;
968 }
3c2f7c12
PB		 969 }
970
971 outbuf[0] = event_code;
972 outbuf[1] = media_status;
973
974 /* These fields are reserved, just clear them. */
975 outbuf[2] = 0;
976 outbuf[3] = 0;
977 return 4;
978}
979
980static int scsi_get_event_status_notification(SCSIDiskState *s, SCSIDiskReq *r,
981 uint8_t *outbuf)
982{
983 int size;
984 uint8_t *buf = r->req.cmd.buf;
985 uint8_t notification_class_request = buf[4];
986 if (s->qdev.type != TYPE_ROM) {
987 return -1;
988 }
989 if ((buf[1] & 1) == 0) {
990 /* asynchronous */
991 return -1;
992 }
993
994 size = 4;
995 outbuf[0] = outbuf[1] = 0;
996 outbuf[3] = 1 << GESN_MEDIA; /* supported events */
997 if (notification_class_request & (1 << GESN_MEDIA)) {
998 outbuf[2] = GESN_MEDIA;
999 size += scsi_event_status_media(s, &outbuf[size]);
1000 } else {
1001 outbuf[2] = 0x80;
1002 }
1003 stw_be_p(outbuf, size - 4);
1004 return size;
b6c251ab
PB		 1005}
1006
430ee2f2 1007static int scsi_get_configuration(SCSIDiskState *s, uint8_t *outbuf)
b6c251ab 1008{
430ee2f2
PB		 1009 int current;
1010
b6c251ab
PB		 1011 if (s->qdev.type != TYPE_ROM) {
1012 return -1;
1013 }
7d99f4c1
MR		 1014
1015 if (media_is_dvd(s)) {
1016 current = MMC_PROFILE_DVD_ROM;
1017 } else if (media_is_cd(s)) {
1018 current = MMC_PROFILE_CD_ROM;
1019 } else {
1020 current = MMC_PROFILE_NONE;
1021 }
1022
430ee2f2
PB		 1023 memset(outbuf, 0, 40);
1024 stl_be_p(&outbuf[0], 36); /* Bytes after the data length field */
1025 stw_be_p(&outbuf[6], current);
1026 /* outbuf[8] - outbuf[19]: Feature 0 - Profile list */
1027 outbuf[10] = 0x03; /* persistent, current */
1028 outbuf[11] = 8; /* two profiles */
1029 stw_be_p(&outbuf[12], MMC_PROFILE_DVD_ROM);
1030 outbuf[14] = (current == MMC_PROFILE_DVD_ROM);
1031 stw_be_p(&outbuf[16], MMC_PROFILE_CD_ROM);
1032 outbuf[18] = (current == MMC_PROFILE_CD_ROM);
1033 /* outbuf[20] - outbuf[31]: Feature 1 - Core feature */
1034 stw_be_p(&outbuf[20], 1);
1035 outbuf[22] = 0x08 | 0x03; /* version 2, persistent, current */
1036 outbuf[23] = 8;
1037 stl_be_p(&outbuf[24], 1); /* SCSI */
1038 outbuf[28] = 1; /* DBE = 1, mandatory */
1039 /* outbuf[32] - outbuf[39]: Feature 3 - Removable media feature */
1040 stw_be_p(&outbuf[32], 3);
1041 outbuf[34] = 0x08 | 0x03; /* version 2, persistent, current */
1042 outbuf[35] = 4;
1043 outbuf[36] = 0x39; /* tray, load=1, eject=1, unlocked at powerup, lock=1 */
1044 /* TODO: Random readable, CD read, DVD read, drive serial number,
1045 power management */
1046 return 40;
b6c251ab
PB		 1047}
1048
1049static int scsi_emulate_mechanism_status(SCSIDiskState *s, uint8_t *outbuf)
1050{
1051 if (s->qdev.type != TYPE_ROM) {
1052 return -1;
1053 }
1054 memset(outbuf, 0, 8);
1055 outbuf[5] = 1; /* CD-ROM */
1056 return 8;
1057}
1058
cfc606da 1059static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf,
282ab04e 1060 int page_control)
ebddfcbe 1061{
a8f4bbe2
PB		 1062 static const int mode_sense_valid[0x3f] = {
1063 [MODE_PAGE_HD_GEOMETRY] = (1 << TYPE_DISK),
1064 [MODE_PAGE_FLEXIBLE_DISK_GEOMETRY] = (1 << TYPE_DISK),
1065 [MODE_PAGE_CACHING] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
a07c7dcd
PB		 1066 [MODE_PAGE_R_W_ERROR] = (1 << TYPE_DISK) | (1 << TYPE_ROM),
1067 [MODE_PAGE_AUDIO_CTL] = (1 << TYPE_ROM),
a8f4bbe2
PB		 1068 [MODE_PAGE_CAPABILITIES] = (1 << TYPE_ROM),
1069 };
ef405611
PB		 1070
1071 uint8_t *p = *p_outbuf + 2;
1072 int length;
ebddfcbe 1073
a8f4bbe2
PB		 1074 if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) {
1075 return -1;
1076 }
1077
282ab04e
BK		 1078 /*
1079 * If Changeable Values are requested, a mask denoting those mode parameters
1080 * that are changeable shall be returned. As we currently don't support
1081 * parameter changes via MODE_SELECT all bits are returned set to zero.
1082 * The buffer was already menset to zero by the caller of this function.
ef405611
PB		 1083 *
1084 * The offsets here are off by two compared to the descriptions in the
1085 * SCSI specs, because those include a 2-byte header. This is unfortunate,
1086 * but it is done so that offsets are consistent within our implementation
1087 * of MODE SENSE and MODE SELECT. MODE SELECT has to deal with both
1088 * 2-byte and 4-byte headers.
282ab04e 1089 */
ebddfcbe 1090 switch (page) {
67cc61e4 1091 case MODE_PAGE_HD_GEOMETRY:
ef405611 1092 length = 0x16;
282ab04e 1093 if (page_control == 1) { /* Changeable Values */
cfc606da 1094 break;
282ab04e 1095 }
ebddfcbe 1096 /* if a geometry hint is available, use it */
ef405611
PB		 1097 p[0] = (s->qdev.conf.cyls >> 16) & 0xff;
1098 p[1] = (s->qdev.conf.cyls >> 8) & 0xff;
1099 p[2] = s->qdev.conf.cyls & 0xff;
1100 p[3] = s->qdev.conf.heads & 0xff;
ebddfcbe 1101 /* Write precomp start cylinder, disabled */
ef405611
PB		 1102 p[4] = (s->qdev.conf.cyls >> 16) & 0xff;
1103 p[5] = (s->qdev.conf.cyls >> 8) & 0xff;
1104 p[6] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1105 /* Reduced current start cylinder, disabled */
ef405611
PB		 1106 p[7] = (s->qdev.conf.cyls >> 16) & 0xff;
1107 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1108 p[9] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1109 /* Device step rate [ns], 200ns */
ef405611
PB		 1110 p[10] = 0;
1111 p[11] = 200;
ebddfcbe 1112 /* Landing zone cylinder */
ef405611
PB		 1113 p[12] = 0xff;
1114 p[13] = 0xff;
ebddfcbe 1115 p[14] = 0xff;
ebddfcbe 1116 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1117 p[18] = (5400 >> 8) & 0xff;
1118 p[19] = 5400 & 0xff;
cfc606da 1119 break;
ebddfcbe 1120
67cc61e4 1121 case MODE_PAGE_FLEXIBLE_DISK_GEOMETRY:
ef405611 1122 length = 0x1e;
282ab04e 1123 if (page_control == 1) { /* Changeable Values */
cfc606da 1124 break;
282ab04e 1125 }
ebddfcbe 1126 /* Transfer rate [kbit/s], 5Mbit/s */
ef405611
PB		 1127 p[0] = 5000 >> 8;
1128 p[1] = 5000 & 0xff;
ebddfcbe 1129 /* if a geometry hint is available, use it */
ef405611
PB		 1130 p[2] = s->qdev.conf.heads & 0xff;
1131 p[3] = s->qdev.conf.secs & 0xff;
1132 p[4] = s->qdev.blocksize >> 8;
1133 p[6] = (s->qdev.conf.cyls >> 8) & 0xff;
1134 p[7] = s->qdev.conf.cyls & 0xff;
1135 /* Write precomp start cylinder, disabled */
d252df48
MA		 1136 p[8] = (s->qdev.conf.cyls >> 8) & 0xff;
1137 p[9] = s->qdev.conf.cyls & 0xff;
ef405611 1138 /* Reduced current start cylinder, disabled */
d252df48
MA		 1139 p[10] = (s->qdev.conf.cyls >> 8) & 0xff;
1140 p[11] = s->qdev.conf.cyls & 0xff;
ebddfcbe 1141 /* Device step rate [100us], 100us */
ef405611
PB		 1142 p[12] = 0;
1143 p[13] = 1;
ebddfcbe 1144 /* Device step pulse width [us], 1us */
ef405611 1145 p[14] = 1;
ebddfcbe 1146 /* Device head settle delay [100us], 100us */
ef405611
PB		 1147 p[15] = 0;
1148 p[16] = 1;
ebddfcbe 1149 /* Motor on delay [0.1s], 0.1s */
ef405611 1150 p[17] = 1;
ebddfcbe 1151 /* Motor off delay [0.1s], 0.1s */
ef405611 1152 p[18] = 1;
ebddfcbe 1153 /* Medium rotation rate [rpm], 5400 rpm */
ef405611
PB		 1154 p[26] = (5400 >> 8) & 0xff;
1155 p[27] = 5400 & 0xff;
cfc606da 1156 break;
ebddfcbe 1157
67cc61e4 1158 case MODE_PAGE_CACHING:
ef405611 1159 length = 0x12;
96c91bbf 1160 if (page_control == 1 || /* Changeable Values */
4be74634 1161 blk_enable_write_cache(s->qdev.conf.blk)) {
ef405611 1162 p[0] = 4; /* WCE */
ebddfcbe 1163 }
cfc606da 1164 break;
ebddfcbe 1165
a07c7dcd 1166 case MODE_PAGE_R_W_ERROR:
ef405611 1167 length = 10;
4f588b15
PB		 1168 if (page_control == 1) { /* Changeable Values */
1169 break;
1170 }
ef405611 1171 p[0] = 0x80; /* Automatic Write Reallocation Enabled */
a07c7dcd 1172 if (s->qdev.type == TYPE_ROM) {
ef405611 1173 p[1] = 0x20; /* Read Retry Count */
a07c7dcd
PB		 1174 }
1175 break;
1176
1177 case MODE_PAGE_AUDIO_CTL:
ef405611 1178 length = 14;
a07c7dcd
PB		 1179 break;
1180
67cc61e4 1181 case MODE_PAGE_CAPABILITIES:
ef405611 1182 length = 0x14;
282ab04e 1183 if (page_control == 1) { /* Changeable Values */
cfc606da 1184 break;
282ab04e 1185 }
a07c7dcd 1186
ef405611
PB		 1187 p[0] = 0x3b; /* CD-R & CD-RW read */
1188 p[1] = 0; /* Writing not supported */
1189 p[2] = 0x7f; /* Audio, composite, digital out,
ebddfcbe 1190 mode 2 form 1&2, multi session */
ef405611 1191 p[3] = 0xff; /* CD DA, DA accurate, RW supported,
ebddfcbe
GH		 1192 RW corrected, C2 errors, ISRC,
1193 UPC, Bar code */
ef405611 1194 p[4] = 0x2d | (s->tray_locked ? 2 : 0);
ebddfcbe 1195 /* Locking supported, jumper present, eject, tray */
ef405611 1196 p[5] = 0; /* no volume & mute control, no
ebddfcbe 1197 changer */
ef405611
PB		 1198 p[6] = (50 * 176) >> 8; /* 50x read speed */
1199 p[7] = (50 * 176) & 0xff;
1200 p[8] = 2 >> 8; /* Two volume levels */
1201 p[9] = 2 & 0xff;
1202 p[10] = 2048 >> 8; /* 2M buffer */
1203 p[11] = 2048 & 0xff;
1204 p[12] = (16 * 176) >> 8; /* 16x read speed current */
1205 p[13] = (16 * 176) & 0xff;
1206 p[16] = (16 * 176) >> 8; /* 16x write speed */
1207 p[17] = (16 * 176) & 0xff;
1208 p[18] = (16 * 176) >> 8; /* 16x write speed current */
ebddfcbe 1209 p[19] = (16 * 176) & 0xff;
cfc606da 1210 break;
ebddfcbe
GH		 1211
1212 default:
cfc606da 1213 return -1;
ebddfcbe 1214 }
cfc606da 1215
ef405611
PB		 1216 assert(length < 256);
1217 (*p_outbuf)[0] = page;
1218 (*p_outbuf)[1] = length;
1219 *p_outbuf += length + 2;
1220 return length + 2;
ebddfcbe
GH		 1221}
1222
cfc606da 1223static int scsi_disk_emulate_mode_sense(SCSIDiskReq *r, uint8_t *outbuf)
ebddfcbe 1224{
cfc606da 1225 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
ebddfcbe 1226 uint64_t nb_sectors;
e590ecbe
PB		 1227 bool dbd;
1228 int page, buflen, ret, page_control;
ebddfcbe 1229 uint8_t *p;
ce512ee1 1230 uint8_t dev_specific_param;
ebddfcbe 1231
e590ecbe 1232 dbd = (r->req.cmd.buf[1] & 0x8) != 0;
cfc606da
PB		 1233 page = r->req.cmd.buf[2] & 0x3f;
1234 page_control = (r->req.cmd.buf[2] & 0xc0) >> 6;
aa2b1e89 1235 DPRINTF("Mode Sense(%d) (page %d, xfer %zd, page_control %d)\n",
cfc606da
PB		 1236 (r->req.cmd.buf[0] == MODE_SENSE) ? 6 : 10, page, r->req.cmd.xfer, page_control);
1237 memset(outbuf, 0, r->req.cmd.xfer);
ebddfcbe
GH		 1238 p = outbuf;
1239
e590ecbe 1240 if (s->qdev.type == TYPE_DISK) {
da8365db 1241 dev_specific_param = s->features & (1 << SCSI_DISK_F_DPOFUA) ? 0x10 : 0;
4be74634 1242 if (blk_is_read_only(s->qdev.conf.blk)) {
e590ecbe
PB		 1243 dev_specific_param |= 0x80; /* Readonly. */
1244 }
ce512ee1 1245 } else {
e590ecbe
PB		 1246 /* MMC prescribes that CD/DVD drives have no block descriptors,
1247 * and defines no device-specific parameter. */
6a2de0f2 1248 dev_specific_param = 0x00;
e590ecbe 1249 dbd = true;
ce512ee1
BK		 1250 }
1251
cfc606da 1252 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1253 p[1] = 0; /* Default media type. */
1254 p[2] = dev_specific_param;
1255 p[3] = 0; /* Block descriptor length. */
1256 p += 4;
1257 } else { /* MODE_SENSE_10 */
1258 p[2] = 0; /* Default media type. */
1259 p[3] = dev_specific_param;
1260 p[6] = p[7] = 0; /* Block descriptor length. */
1261 p += 8;
ebddfcbe 1262 }
ebddfcbe 1263
4be74634 1264 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
e590ecbe 1265 if (!dbd && nb_sectors) {
cfc606da 1266 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1267 outbuf[3] = 8; /* Block descriptor length */
1268 } else { /* MODE_SENSE_10 */
1269 outbuf[7] = 8; /* Block descriptor length */
1270 }
69377307 1271 nb_sectors /= (s->qdev.blocksize / 512);
f01b5931 1272 if (nb_sectors > 0xffffff) {
2488b740 1273 nb_sectors = 0;
f01b5931 1274 }
ebddfcbe
GH		 1275 p[0] = 0; /* media density code */
1276 p[1] = (nb_sectors >> 16) & 0xff;
1277 p[2] = (nb_sectors >> 8) & 0xff;
1278 p[3] = nb_sectors & 0xff;
1279 p[4] = 0; /* reserved */
1280 p[5] = 0; /* bytes 5-7 are the sector size in bytes */
69377307 1281 p[6] = s->qdev.blocksize >> 8;
ebddfcbe
GH		 1282 p[7] = 0;
1283 p += 8;
1284 }
1285
cfc606da
PB		 1286 if (page_control == 3) {
1287 /* Saved Values */
1288 scsi_check_condition(r, SENSE_CODE(SAVING_PARAMS_NOT_SUPPORTED));
1289 return -1;
282ab04e
BK		 1290 }
1291
cfc606da
PB		 1292 if (page == 0x3f) {
1293 for (page = 0; page <= 0x3e; page++) {
1294 mode_sense_page(s, page, &p, page_control);
1295 }
1296 } else {
1297 ret = mode_sense_page(s, page, &p, page_control);
1298 if (ret == -1) {
1299 return -1;
1300 }
ebddfcbe
GH		 1301 }
1302
1303 buflen = p - outbuf;
ce512ee1
BK		 1304 /*
1305 * The mode data length field specifies the length in bytes of the
1306 * following data that is available to be transferred. The mode data
1307 * length does not include itself.
1308 */
cfc606da 1309 if (r->req.cmd.buf[0] == MODE_SENSE) {
ce512ee1
BK		 1310 outbuf[0] = buflen - 1;
1311 } else { /* MODE_SENSE_10 */
1312 outbuf[0] = ((buflen - 2) >> 8) & 0xff;
1313 outbuf[1] = (buflen - 2) & 0xff;
1314 }
ebddfcbe
GH		 1315 return buflen;
1316}
1317
02880f43
GH		 1318static int scsi_disk_emulate_read_toc(SCSIRequest *req, uint8_t *outbuf)
1319{
1320 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
02880f43
GH		 1321 int start_track, format, msf, toclen;
1322 uint64_t nb_sectors;
1323
1324 msf = req->cmd.buf[1] & 2;
1325 format = req->cmd.buf[2] & 0xf;
1326 start_track = req->cmd.buf[6];
4be74634 1327 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
02880f43 1328 DPRINTF("Read TOC (track %d format %d msf %d)\n", start_track, format, msf >> 1);
69377307 1329 nb_sectors /= s->qdev.blocksize / 512;
02880f43
GH		 1330 switch (format) {
1331 case 0:
1332 toclen = cdrom_read_toc(nb_sectors, outbuf, msf, start_track);
1333 break;
1334 case 1:
1335 /* multi session : only a single session defined */
1336 toclen = 12;
1337 memset(outbuf, 0, 12);
1338 outbuf[1] = 0x0a;
1339 outbuf[2] = 0x01;
1340 outbuf[3] = 0x01;
1341 break;
1342 case 2:
1343 toclen = cdrom_read_toc_raw(nb_sectors, outbuf, msf, start_track);
1344 break;
1345 default:
1346 return -1;
1347 }
02880f43
GH		 1348 return toclen;
1349}
1350
68bb01f3 1351static int scsi_disk_emulate_start_stop(SCSIDiskReq *r)
bfd52647
MA		 1352{
1353 SCSIRequest *req = &r->req;
1354 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1355 bool start = req->cmd.buf[4] & 1;
1356 bool loej = req->cmd.buf[4] & 2; /* load on start, eject on !start */
ae5708b3
RS		 1357 int pwrcnd = req->cmd.buf[4] & 0xf0;
1358
1359 if (pwrcnd) {
1360 /* eject/load only happens for power condition == 0 */
1361 return 0;
1362 }
bfd52647 1363
b456a71c 1364 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) && loej) {
68bb01f3
MA		 1365 if (!start && !s->tray_open && s->tray_locked) {
1366 scsi_check_condition(r,
4be74634 1367 blk_is_inserted(s->qdev.conf.blk)
68bb01f3
MA		 1368 ? SENSE_CODE(ILLEGAL_REQ_REMOVAL_PREVENTED)
1369 : SENSE_CODE(NOT_READY_REMOVAL_PREVENTED));
1370 return -1;
fdec4404 1371 }
d88b1819
LC		 1372
1373 if (s->tray_open != !start) {
4be74634 1374 blk_eject(s->qdev.conf.blk, !start);
d88b1819
LC		 1375 s->tray_open = !start;
1376 }
bfd52647 1377 }
68bb01f3 1378 return 0;
bfd52647
MA		 1379}
1380
314a3299
PB		 1381static void scsi_disk_emulate_read_data(SCSIRequest *req)
1382{
1383 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1384 int buflen = r->iov.iov_len;
1385
1386 if (buflen) {
79fb50bb 1387 DPRINTF("Read buf_len=%d\n", buflen);
314a3299
PB		 1388 r->iov.iov_len = 0;
1389 r->started = true;
1390 scsi_req_data(&r->req, buflen);
1391 return;
1392 }
1393
1394 /* This also clears the sense buffer for REQUEST SENSE. */
1395 scsi_req_complete(&r->req, GOOD);
1396}
1397
380feaff
PB		 1398static int scsi_disk_check_mode_select(SCSIDiskState *s, int page,
1399 uint8_t *inbuf, int inlen)
1400{
1401 uint8_t mode_current[SCSI_MAX_MODE_LEN];
1402 uint8_t mode_changeable[SCSI_MAX_MODE_LEN];
1403 uint8_t *p;
1404 int len, expected_len, changeable_len, i;
1405
1406 /* The input buffer does not include the page header, so it is
1407 * off by 2 bytes.
1408 */
1409 expected_len = inlen + 2;
1410 if (expected_len > SCSI_MAX_MODE_LEN) {
1411 return -1;
1412 }
1413
1414 p = mode_current;
1415 memset(mode_current, 0, inlen + 2);
1416 len = mode_sense_page(s, page, &p, 0);
1417 if (len < 0 || len != expected_len) {
1418 return -1;
1419 }
1420
1421 p = mode_changeable;
1422 memset(mode_changeable, 0, inlen + 2);
1423 changeable_len = mode_sense_page(s, page, &p, 1);
1424 assert(changeable_len == len);
1425
1426 /* Check that unchangeable bits are the same as what MODE SENSE
1427 * would return.
1428 */
1429 for (i = 2; i < len; i++) {
1430 if (((mode_current[i] ^ inbuf[i - 2]) & ~mode_changeable[i]) != 0) {
1431 return -1;
1432 }
1433 }
1434 return 0;
1435}
1436
1437static void scsi_disk_apply_mode_select(SCSIDiskState *s, int page, uint8_t *p)
1438{
96c91bbf
PB		 1439 switch (page) {
1440 case MODE_PAGE_CACHING:
4be74634 1441 blk_set_enable_write_cache(s->qdev.conf.blk, (p[0] & 4) != 0);
96c91bbf
PB		 1442 break;
1443
1444 default:
1445 break;
1446 }
380feaff
PB		 1447}
1448
1449static int mode_select_pages(SCSIDiskReq *r, uint8_t *p, int len, bool change)
1450{
1451 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1452
1453 while (len > 0) {
1454 int page, subpage, page_len;
1455
1456 /* Parse both possible formats for the mode page headers. */
1457 page = p[0] & 0x3f;
1458 if (p[0] & 0x40) {
1459 if (len < 4) {
1460 goto invalid_param_len;
1461 }
1462 subpage = p[1];
1463 page_len = lduw_be_p(&p[2]);
1464 p += 4;
1465 len -= 4;
1466 } else {
1467 if (len < 2) {
1468 goto invalid_param_len;
1469 }
1470 subpage = 0;
1471 page_len = p[1];
1472 p += 2;
1473 len -= 2;
1474 }
1475
1476 if (subpage) {
1477 goto invalid_param;
1478 }
1479 if (page_len > len) {
1480 goto invalid_param_len;
1481 }
1482
1483 if (!change) {
1484 if (scsi_disk_check_mode_select(s, page, p, page_len) < 0) {
1485 goto invalid_param;
1486 }
1487 } else {
1488 scsi_disk_apply_mode_select(s, page, p);
1489 }
1490
1491 p += page_len;
1492 len -= page_len;
1493 }
1494 return 0;
1495
1496invalid_param:
1497 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1498 return -1;
1499
1500invalid_param_len:
1501 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1502 return -1;
1503}
1504
1505static void scsi_disk_emulate_mode_select(SCSIDiskReq *r, uint8_t *inbuf)
1506{
accfeb2d 1507 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
380feaff
PB		 1508 uint8_t *p = inbuf;
1509 int cmd = r->req.cmd.buf[0];
1510 int len = r->req.cmd.xfer;
1511 int hdr_len = (cmd == MODE_SELECT ? 4 : 8);
1512 int bd_len;
1513 int pass;
1514
1515 /* We only support PF=1, SP=0. */
1516 if ((r->req.cmd.buf[1] & 0x11) != 0x10) {
1517 goto invalid_field;
1518 }
1519
1520 if (len < hdr_len) {
1521 goto invalid_param_len;
1522 }
1523
1524 bd_len = (cmd == MODE_SELECT ? p[3] : lduw_be_p(&p[6]));
1525 len -= hdr_len;
1526 p += hdr_len;
1527 if (len < bd_len) {
1528 goto invalid_param_len;
1529 }
1530 if (bd_len != 0 && bd_len != 8) {
1531 goto invalid_param;
1532 }
1533
1534 len -= bd_len;
1535 p += bd_len;
1536
1537 /* Ensure no change is made if there is an error! */
1538 for (pass = 0; pass < 2; pass++) {
1539 if (mode_select_pages(r, p, len, pass == 1) < 0) {
1540 assert(pass == 0);
1541 return;
1542 }
1543 }
4be74634 1544 if (!blk_enable_write_cache(s->qdev.conf.blk)) {
accfeb2d
PB		 1545 /* The request is used as the AIO opaque value, so add a ref. */
1546 scsi_req_ref(&r->req);
4be74634 1547 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 1548 BLOCK_ACCT_FLUSH);
4be74634 1549 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
accfeb2d
PB		 1550 return;
1551 }
1552
380feaff
PB		 1553 scsi_req_complete(&r->req, GOOD);
1554 return;
1555
1556invalid_param:
1557 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM));
1558 return;
1559
1560invalid_param_len:
1561 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
1562 return;
1563
1564invalid_field:
1565 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
380feaff
PB		 1566}
1567
444bc908
PB		 1568static inline bool check_lba_range(SCSIDiskState *s,
1569 uint64_t sector_num, uint32_t nb_sectors)
1570{
1571 /*
1572 * The first line tests that no overflow happens when computing the last
1573 * sector. The second line tests that the last accessed sector is in
1574 * range.
12ca76fc
PB		 1575 *
1576 * Careful, the computations should not underflow for nb_sectors == 0,
1577 * and a 0-block read to the first LBA beyond the end of device is
1578 * valid.
444bc908
PB		 1579 */
1580 return (sector_num <= sector_num + nb_sectors &&
12ca76fc 1581 sector_num + nb_sectors <= s->qdev.max_lba + 1);
444bc908
PB		 1582}
1583
5222aaf2
PB		 1584typedef struct UnmapCBData {
1585 SCSIDiskReq *r;
1586 uint8_t *inbuf;
1587 int count;
1588} UnmapCBData;
1589
5fd2b563
PB		 1590static void scsi_unmap_complete(void *opaque, int ret);
1591
1592static void scsi_unmap_complete_noio(UnmapCBData *data, int ret)
5222aaf2 1593{
5222aaf2
PB		 1594 SCSIDiskReq *r = data->r;
1595 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1596 uint64_t sector_num;
5bb0b62e 1597 uint32_t nb_sectors;
5222aaf2 1598
5fd2b563 1599 assert(r->req.aiocb == NULL);
5b956f41 1600 if (scsi_disk_req_check_error(r, ret, false)) {
d0242ead
PB		 1601 goto done;
1602 }
1603
d0242ead 1604 if (data->count > 0) {
5222aaf2
PB		 1605 sector_num = ldq_be_p(&data->inbuf[0]);
1606 nb_sectors = ldl_be_p(&data->inbuf[8]) & 0xffffffffULL;
444bc908 1607 if (!check_lba_range(s, sector_num, nb_sectors)) {
5222aaf2
PB		 1608 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1609 goto done;
1610 }
1611
4be74634
MA		 1612 r->req.aiocb = blk_aio_discard(s->qdev.conf.blk,
1613 sector_num * (s->qdev.blocksize / 512),
1614 nb_sectors * (s->qdev.blocksize / 512),
1615 scsi_unmap_complete, data);
5222aaf2
PB		 1616 data->count--;
1617 data->inbuf += 16;
1618 return;
1619 }
1620
d0242ead
PB		 1621 scsi_req_complete(&r->req, GOOD);
1622
5222aaf2 1623done:
3df9caf8 1624 scsi_req_unref(&r->req);
5222aaf2
PB		 1625 g_free(data);
1626}
1627
5fd2b563
PB		 1628static void scsi_unmap_complete(void *opaque, int ret)
1629{
1630 UnmapCBData *data = opaque;
1631 SCSIDiskReq *r = data->r;
1632
1633 assert(r->req.aiocb != NULL);
1634 r->req.aiocb = NULL;
1635
1636 scsi_unmap_complete_noio(data, ret);
1637}
1638
5222aaf2
PB		 1639static void scsi_disk_emulate_unmap(SCSIDiskReq *r, uint8_t *inbuf)
1640{
c5fd1fb0 1641 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
5222aaf2
PB		 1642 uint8_t *p = inbuf;
1643 int len = r->req.cmd.xfer;
1644 UnmapCBData *data;
1645
823bd739
PB		 1646 /* Reject ANCHOR=1. */
1647 if (r->req.cmd.buf[1] & 0x1) {
1648 goto invalid_field;
1649 }
1650
5222aaf2
PB		 1651 if (len < 8) {
1652 goto invalid_param_len;
1653 }
1654 if (len < lduw_be_p(&p[0]) + 2) {
1655 goto invalid_param_len;
1656 }
1657 if (len < lduw_be_p(&p[2]) + 8) {
1658 goto invalid_param_len;
1659 }
1660 if (lduw_be_p(&p[2]) & 15) {
1661 goto invalid_param_len;
1662 }
1663
4be74634 1664 if (blk_is_read_only(s->qdev.conf.blk)) {
c5fd1fb0
PB		 1665 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1666 return;
1667 }
1668
5222aaf2
PB		 1669 data = g_new0(UnmapCBData, 1);
1670 data->r = r;
1671 data->inbuf = &p[8];
1672 data->count = lduw_be_p(&p[2]) >> 4;
1673
1674 /* The matching unref is in scsi_unmap_complete, before data is freed. */
1675 scsi_req_ref(&r->req);
5fd2b563 1676 scsi_unmap_complete_noio(data, 0);
5222aaf2
PB		 1677 return;
1678
1679invalid_param_len:
1680 scsi_check_condition(r, SENSE_CODE(INVALID_PARAM_LEN));
823bd739
PB		 1681 return;
1682
1683invalid_field:
1684 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
5222aaf2
PB		 1685}
1686
84f94a9a
PB		 1687typedef struct WriteSameCBData {
1688 SCSIDiskReq *r;
1689 int64_t sector;
1690 int nb_sectors;
1691 QEMUIOVector qiov;
1692 struct iovec iov;
1693} WriteSameCBData;
1694
1695static void scsi_write_same_complete(void *opaque, int ret)
1696{
1697 WriteSameCBData *data = opaque;
1698 SCSIDiskReq *r = data->r;
1699 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
1700
1701 assert(r->req.aiocb != NULL);
1702 r->req.aiocb = NULL;
5b956f41 1703 if (scsi_disk_req_check_error(r, ret, true)) {
84f94a9a
PB		 1704 goto done;
1705 }
1706
d7628080
AG		 1707 block_acct_done(blk_get_stats(s->qdev.conf.blk), &r->acct);
1708
84f94a9a
PB		 1709 data->nb_sectors -= data->iov.iov_len / 512;
1710 data->sector += data->iov.iov_len / 512;
1711 data->iov.iov_len = MIN(data->nb_sectors * 512, data->iov.iov_len);
1712 if (data->iov.iov_len) {
4be74634 1713 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8 1714 data->iov.iov_len, BLOCK_ACCT_WRITE);
03c90063
EB		 1715 /* Reinitialize qiov, to handle unaligned WRITE SAME request
1716 * where final qiov may need smaller size */
a56537a1 1717 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
03c90063
EB		 1718 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1719 data->sector << BDRV_SECTOR_BITS,
1720 &data->qiov, 0,
1721 scsi_write_same_complete, data);
84f94a9a
PB		 1722 return;
1723 }
1724
1725 scsi_req_complete(&r->req, GOOD);
1726
1727done:
3df9caf8 1728 scsi_req_unref(&r->req);
84f94a9a
PB		 1729 qemu_vfree(data->iov.iov_base);
1730 g_free(data);
1731}
1732
1733static void scsi_disk_emulate_write_same(SCSIDiskReq *r, uint8_t *inbuf)
1734{
1735 SCSIRequest *req = &r->req;
1736 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
1894df02 1737 uint32_t nb_sectors = scsi_data_cdb_xfer(r->req.cmd.buf);
84f94a9a
PB		 1738 WriteSameCBData *data;
1739 uint8_t *buf;
1740 int i;
1741
1742 /* Fail if PBDATA=1 or LBDATA=1 or ANCHOR=1. */
1743 if (nb_sectors == 0 || (req->cmd.buf[1] & 0x16)) {
1744 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1745 return;
1746 }
1747
4be74634 1748 if (blk_is_read_only(s->qdev.conf.blk)) {
84f94a9a
PB		 1749 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
1750 return;
1751 }
1752 if (!check_lba_range(s, r->req.cmd.lba, nb_sectors)) {
1753 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
1754 return;
1755 }
1756
1757 if (buffer_is_zero(inbuf, s->qdev.blocksize)) {
1758 int flags = (req->cmd.buf[1] & 0x8) ? BDRV_REQ_MAY_UNMAP : 0;
1759
1760 /* The request is used as the AIO opaque value, so add a ref. */
1761 scsi_req_ref(&r->req);
4be74634 1762 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8
BC		 1763 nb_sectors * s->qdev.blocksize,
1764 BLOCK_ACCT_WRITE);
d004bd52 1765 r->req.aiocb = blk_aio_pwrite_zeroes(s->qdev.conf.blk,
983a1600
EB		 1766 r->req.cmd.lba * s->qdev.blocksize,
1767 nb_sectors * s->qdev.blocksize,
4be74634 1768 flags, scsi_aio_complete, r);
84f94a9a
PB		 1769 return;
1770 }
1771
1772 data = g_new0(WriteSameCBData, 1);
1773 data->r = r;
1774 data->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
1775 data->nb_sectors = nb_sectors * (s->qdev.blocksize / 512);
1776 data->iov.iov_len = MIN(data->nb_sectors * 512, SCSI_WRITE_SAME_MAX);
4be74634
MA		 1777 data->iov.iov_base = buf = blk_blockalign(s->qdev.conf.blk,
1778 data->iov.iov_len);
84f94a9a
PB		 1779 qemu_iovec_init_external(&data->qiov, &data->iov, 1);
1780
1781 for (i = 0; i < data->iov.iov_len; i += s->qdev.blocksize) {
1782 memcpy(&buf[i], inbuf, s->qdev.blocksize);
1783 }
1784
1785 scsi_req_ref(&r->req);
4be74634 1786 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct,
5366d0c8 1787 data->iov.iov_len, BLOCK_ACCT_WRITE);
03c90063
EB		 1788 r->req.aiocb = blk_aio_pwritev(s->qdev.conf.blk,
1789 data->sector << BDRV_SECTOR_BITS,
1790 &data->qiov, 0,
1791 scsi_write_same_complete, data);
84f94a9a
PB		 1792}
1793
314a3299
PB		 1794static void scsi_disk_emulate_write_data(SCSIRequest *req)
1795{
af6d510d
PB		 1796 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
1797
1798 if (r->iov.iov_len) {
1799 int buflen = r->iov.iov_len;
79fb50bb 1800 DPRINTF("Write buf_len=%d\n", buflen);
af6d510d
PB		 1801 r->iov.iov_len = 0;
1802 scsi_req_data(&r->req, buflen);
1803 return;
1804 }
1805
1806 switch (req->cmd.buf[0]) {
1807 case MODE_SELECT:
1808 case MODE_SELECT_10:
1809 /* This also clears the sense buffer for REQUEST SENSE. */
380feaff 1810 scsi_disk_emulate_mode_select(r, r->iov.iov_base);
af6d510d
PB		 1811 break;
1812
5222aaf2
PB		 1813 case UNMAP:
1814 scsi_disk_emulate_unmap(r, r->iov.iov_base);
1815 break;
1816
d97e7730
PB		 1817 case VERIFY_10:
1818 case VERIFY_12:
1819 case VERIFY_16:
1820 if (r->req.status == -1) {
1821 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
1822 }
1823 break;
1824
84f94a9a
PB		 1825 case WRITE_SAME_10:
1826 case WRITE_SAME_16:
1827 scsi_disk_emulate_write_same(r, r->iov.iov_base);
1828 break;
d97e7730 1829
af6d510d
PB		 1830 default:
1831 abort();
1832 }
314a3299
PB		 1833}
1834
b08d0ea0 1835static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf)
aa5dbdc1 1836{
b08d0ea0 1837 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
e7e25e32 1838 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
e7e25e32 1839 uint64_t nb_sectors;
7285477a 1840 uint8_t *outbuf;
af6d510d 1841 int buflen;
aa5dbdc1 1842
b08d0ea0
PB		 1843 switch (req->cmd.buf[0]) {
1844 case INQUIRY:
1845 case MODE_SENSE:
1846 case MODE_SENSE_10:
1847 case RESERVE:
1848 case RESERVE_10:
1849 case RELEASE:
1850 case RELEASE_10:
1851 case START_STOP:
1852 case ALLOW_MEDIUM_REMOVAL:
1853 case GET_CONFIGURATION:
1854 case GET_EVENT_STATUS_NOTIFICATION:
1855 case MECHANISM_STATUS:
1856 case REQUEST_SENSE:
1857 break;
1858
1859 default:
4be74634 1860 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
b08d0ea0
PB		 1861 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
1862 return 0;
1863 }
1864 break;
1865 }
1866
c8dcb531
PB		 1867 /*
1868 * FIXME: we shouldn't return anything bigger than 4k, but the code
1869 * requires the buffer to be as big as req->cmd.xfer in several
1870 * places. So, do not allow CDBs with a very large ALLOCATION
1871 * LENGTH. The real fix would be to modify scsi_read_data and
1872 * dma_buf_read, so that they return data beyond the buflen
1873 * as all zeros.
1874 */
1875 if (req->cmd.xfer > 65536) {
1876 goto illegal_request;
1877 }
1878 r->buflen = MAX(4096, req->cmd.xfer);
1879
7285477a 1880 if (!r->iov.iov_base) {
4be74634 1881 r->iov.iov_base = blk_blockalign(s->qdev.conf.blk, r->buflen);
7285477a
PB		 1882 }
1883
af6d510d 1884 buflen = req->cmd.xfer;
7285477a 1885 outbuf = r->iov.iov_base;
c8dcb531 1886 memset(outbuf, 0, r->buflen);
aa5dbdc1
GH		 1887 switch (req->cmd.buf[0]) {
1888 case TEST_UNIT_READY:
4be74634 1889 assert(!s->tray_open && blk_is_inserted(s->qdev.conf.blk));
5f71d32f 1890 break;
0b06c059
GH		 1891 case INQUIRY:
1892 buflen = scsi_disk_emulate_inquiry(req, outbuf);
f01b5931 1893 if (buflen < 0) {
0b06c059 1894 goto illegal_request;
f01b5931 1895 }
5f71d32f 1896 break;
ebddfcbe
GH		 1897 case MODE_SENSE:
1898 case MODE_SENSE_10:
cfc606da 1899 buflen = scsi_disk_emulate_mode_sense(r, outbuf);
f01b5931 1900 if (buflen < 0) {
ebddfcbe 1901 goto illegal_request;
f01b5931 1902 }
ebddfcbe 1903 break;
02880f43
GH		 1904 case READ_TOC:
1905 buflen = scsi_disk_emulate_read_toc(req, outbuf);
f01b5931 1906 if (buflen < 0) {
02880f43 1907 goto illegal_request;
f01b5931 1908 }
02880f43 1909 break;
3d53ba18 1910 case RESERVE:
f01b5931 1911 if (req->cmd.buf[1] & 1) {
3d53ba18 1912 goto illegal_request;
f01b5931 1913 }
3d53ba18
GH		 1914 break;
1915 case RESERVE_10:
f01b5931 1916 if (req->cmd.buf[1] & 3) {
3d53ba18 1917 goto illegal_request;
f01b5931 1918 }
3d53ba18
GH		 1919 break;
1920 case RELEASE:
f01b5931 1921 if (req->cmd.buf[1] & 1) {
3d53ba18 1922 goto illegal_request;
f01b5931 1923 }
3d53ba18
GH		 1924 break;
1925 case RELEASE_10:
f01b5931 1926 if (req->cmd.buf[1] & 3) {
3d53ba18 1927 goto illegal_request;
f01b5931 1928 }
3d53ba18 1929 break;
8d3628ff 1930 case START_STOP:
68bb01f3 1931 if (scsi_disk_emulate_start_stop(r) < 0) {
b08d0ea0 1932 return 0;
68bb01f3 1933 }
5f71d32f 1934 break;
c68b9f34 1935 case ALLOW_MEDIUM_REMOVAL:
81b1008d 1936 s->tray_locked = req->cmd.buf[4] & 1;
4be74634 1937 blk_lock_medium(s->qdev.conf.blk, req->cmd.buf[4] & 1);
5f71d32f 1938 break;
5e30a07d 1939 case READ_CAPACITY_10:
e7e25e32 1940 /* The normal LEN field for this command is zero. */
5f71d32f 1941 memset(outbuf, 0, 8);
4be74634 1942 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
f01b5931 1943 if (!nb_sectors) {
9bcaf4fe 1944 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 1945 return 0;
f01b5931 1946 }
7cec78b6
PB		 1947 if ((req->cmd.buf[8] & 1) == 0 && req->cmd.lba) {
1948 goto illegal_request;
1949 }
69377307 1950 nb_sectors /= s->qdev.blocksize / 512;
e7e25e32
GH		 1951 /* Returned value is the address of the last sector. */
1952 nb_sectors--;
1953 /* Remember the new size for read/write sanity checking. */
7877903a 1954 s->qdev.max_lba = nb_sectors;
e7e25e32 1955 /* Clip to 2TB, instead of returning capacity modulo 2TB. */
f01b5931 1956 if (nb_sectors > UINT32_MAX) {
e7e25e32 1957 nb_sectors = UINT32_MAX;
f01b5931 1958 }
e7e25e32
GH		 1959 outbuf[0] = (nb_sectors >> 24) & 0xff;
1960 outbuf[1] = (nb_sectors >> 16) & 0xff;
1961 outbuf[2] = (nb_sectors >> 8) & 0xff;
1962 outbuf[3] = nb_sectors & 0xff;
1963 outbuf[4] = 0;
1964 outbuf[5] = 0;
69377307 1965 outbuf[6] = s->qdev.blocksize >> 8;
e7e25e32 1966 outbuf[7] = 0;
5f71d32f 1967 break;
f3b338ef
PB		 1968 case REQUEST_SENSE:
1969 /* Just return "NO SENSE". */
1970 buflen = scsi_build_sense(NULL, 0, outbuf, r->buflen,
1971 (req->cmd.buf[1] & 1) == 0);
c8dcb531
PB		 1972 if (buflen < 0) {
1973 goto illegal_request;
1974 }
f3b338ef 1975 break;
b6c251ab
PB		 1976 case MECHANISM_STATUS:
1977 buflen = scsi_emulate_mechanism_status(s, outbuf);
1978 if (buflen < 0) {
1979 goto illegal_request;
1980 }
1981 break;
38215553 1982 case GET_CONFIGURATION:
430ee2f2 1983 buflen = scsi_get_configuration(s, outbuf);
b6c251ab
PB		 1984 if (buflen < 0) {
1985 goto illegal_request;
1986 }
1987 break;
1988 case GET_EVENT_STATUS_NOTIFICATION:
1989 buflen = scsi_get_event_status_notification(s, r, outbuf);
1990 if (buflen < 0) {
1991 goto illegal_request;
1992 }
1993 break;
1a4f0c3a
PB		 1994 case READ_DISC_INFORMATION:
1995 buflen = scsi_read_disc_information(s, r, outbuf);
1996 if (buflen < 0) {
1997 goto illegal_request;
1998 }
1999 break;
b6c251ab
PB		 2000 case READ_DVD_STRUCTURE:
2001 buflen = scsi_read_dvd_structure(s, r, outbuf);
2002 if (buflen < 0) {
2003 goto illegal_request;
2004 }
38215553 2005 break;
f6515262 2006 case SERVICE_ACTION_IN_16:
5dd90e2a 2007 /* Service Action In subcommands. */
f6515262 2008 if ((req->cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {
5dd90e2a
GH		 2009 DPRINTF("SAI READ CAPACITY(16)\n");
2010 memset(outbuf, 0, req->cmd.xfer);
4be74634 2011 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
f01b5931 2012 if (!nb_sectors) {
9bcaf4fe 2013 scsi_check_condition(r, SENSE_CODE(LUN_NOT_READY));
0369f06f 2014 return 0;
f01b5931 2015 }
7cec78b6
PB		 2016 if ((req->cmd.buf[14] & 1) == 0 && req->cmd.lba) {
2017 goto illegal_request;
2018 }
69377307 2019 nb_sectors /= s->qdev.blocksize / 512;
5dd90e2a
GH		 2020 /* Returned value is the address of the last sector. */
2021 nb_sectors--;
2022 /* Remember the new size for read/write sanity checking. */
7877903a 2023 s->qdev.max_lba = nb_sectors;
5dd90e2a
GH		 2024 outbuf[0] = (nb_sectors >> 56) & 0xff;
2025 outbuf[1] = (nb_sectors >> 48) & 0xff;
2026 outbuf[2] = (nb_sectors >> 40) & 0xff;
2027 outbuf[3] = (nb_sectors >> 32) & 0xff;
2028 outbuf[4] = (nb_sectors >> 24) & 0xff;
2029 outbuf[5] = (nb_sectors >> 16) & 0xff;
2030 outbuf[6] = (nb_sectors >> 8) & 0xff;
2031 outbuf[7] = nb_sectors & 0xff;
2032 outbuf[8] = 0;
2033 outbuf[9] = 0;
69377307 2034 outbuf[10] = s->qdev.blocksize >> 8;
5dd90e2a 2035 outbuf[11] = 0;
ee3659e3
CH		 2036 outbuf[12] = 0;
2037 outbuf[13] = get_physical_block_exp(&s->qdev.conf);
ea3bd56f
CH		 2038
2039 /* set TPE bit if the format supports discard */
2040 if (s->qdev.conf.discard_granularity) {
2041 outbuf[14] = 0x80;
2042 }
2043
5dd90e2a 2044 /* Protection, exponent and lowest lba field left blank. */
5dd90e2a
GH		 2045 break;
2046 }
2047 DPRINTF("Unsupported Service Action In\n");
2048 goto illegal_request;
101aa85f
PB		 2049 case SYNCHRONIZE_CACHE:
2050 /* The request is used as the AIO opaque value, so add a ref. */
2051 scsi_req_ref(&r->req);
4be74634 2052 block_acct_start(blk_get_stats(s->qdev.conf.blk), &r->acct, 0,
5366d0c8 2053 BLOCK_ACCT_FLUSH);
4be74634 2054 r->req.aiocb = blk_aio_flush(s->qdev.conf.blk, scsi_aio_complete, r);
101aa85f
PB		 2055 return 0;
2056 case SEEK_10:
2057 DPRINTF("Seek(10) (sector %" PRId64 ")\n", r->req.cmd.lba);
2058 if (r->req.cmd.lba > s->qdev.max_lba) {
2059 goto illegal_lba;
2060 }
2061 break;
101aa85f 2062 case MODE_SELECT:
142c2145 2063 DPRINTF("Mode Select(6) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
101aa85f
PB		 2064 break;
2065 case MODE_SELECT_10:
142c2145 2066 DPRINTF("Mode Select(10) (len %lu)\n", (unsigned long)r->req.cmd.xfer);
101aa85f 2067 break;
5222aaf2 2068 case UNMAP:
142c2145 2069 DPRINTF("Unmap (len %lu)\n", (unsigned long)r->req.cmd.xfer);
5222aaf2 2070 break;
d97e7730
PB		 2071 case VERIFY_10:
2072 case VERIFY_12:
2073 case VERIFY_16:
4525c133 2074 DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);
d97e7730
PB		 2075 if (req->cmd.buf[1] & 6) {
2076 goto illegal_request;
2077 }
2078 break;
101aa85f 2079 case WRITE_SAME_10:
101aa85f 2080 case WRITE_SAME_16:
84f94a9a
PB		 2081 DPRINTF("WRITE SAME %d (len %lu)\n",
2082 req->cmd.buf[0] == WRITE_SAME_10 ? 10 : 16,
142c2145 2083 (unsigned long)r->req.cmd.xfer);
84f94a9a 2084 break;
aa5dbdc1 2085 default:
b9e77bc7
AK		 2086 DPRINTF("Unknown SCSI command (%2.2x=%s)\n", buf[0],
2087 scsi_command_name(buf[0]));
b45ef674 2088 scsi_check_condition(r, SENSE_CODE(INVALID_OPCODE));
b08d0ea0 2089 return 0;
aa5dbdc1 2090 }
314a3299 2091 assert(!r->req.aiocb);
c8dcb531 2092 r->iov.iov_len = MIN(r->buflen, req->cmd.xfer);
b08d0ea0
PB		 2093 if (r->iov.iov_len == 0) {
2094 scsi_req_complete(&r->req, GOOD);
2095 }
af6d510d
PB		 2096 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
2097 assert(r->iov.iov_len == req->cmd.xfer);
2098 return -r->iov.iov_len;
2099 } else {
2100 return r->iov.iov_len;
2101 }
aa5dbdc1 2102
aa5dbdc1 2103illegal_request:
cfc606da
PB		 2104 if (r->req.status == -1) {
2105 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2106 }
b08d0ea0 2107 return 0;
101aa85f
PB		 2108
2109illegal_lba:
2110 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
2111 return 0;
aa5dbdc1
GH		 2112}
2113
2e5d83bb
PB		 2114/* Execute a scsi command. Returns the length of the data expected by the
2115 command. This will be Positive for data transfers from the device
2116 (eg. disk reads), negative for transfers to the device (eg. disk writes),
2117 and zero if the command does not transfer any data. */
2118
b08d0ea0 2119static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf)
2e5d83bb 2120{
5c6c0e51
HR		 2121 SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
2122 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, req->dev);
94f8ba11 2123 SCSIDiskClass *sdc = (SCSIDiskClass *) object_get_class(OBJECT(s));
e93176d5 2124 uint32_t len;
a917d384 2125 uint8_t command;
a917d384
PB		 2126
2127 command = buf[0];
aa5dbdc1 2128
4be74634 2129 if (s->tray_open || !blk_is_inserted(s->qdev.conf.blk)) {
b08d0ea0
PB		 2130 scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
2131 return 0;
9bcaf4fe
PB		 2132 }
2133
1894df02 2134 len = scsi_data_cdb_xfer(r->req.cmd.buf);
a917d384 2135 switch (command) {
ebf46023
GH		 2136 case READ_6:
2137 case READ_10:
bd536cf3
GH		 2138 case READ_12:
2139 case READ_16:
e93176d5 2140 DPRINTF("Read (sector %" PRId64 ", count %u)\n", r->req.cmd.lba, len);
96bdbbab
RS		 2141 if (r->req.cmd.buf[1] & 0xe0) {
2142 goto illegal_request;
2143 }
444bc908 2144 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 2145 goto illegal_lba;
f01b5931 2146 }
69377307
PB		 2147 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2148 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 2149 break;
ebf46023
GH		 2150 case WRITE_6:
2151 case WRITE_10:
bd536cf3
GH		 2152 case WRITE_12:
2153 case WRITE_16:
5e30a07d 2154 case WRITE_VERIFY_10:
ebef0bbb
BK		 2155 case WRITE_VERIFY_12:
2156 case WRITE_VERIFY_16:
4be74634 2157 if (blk_is_read_only(s->qdev.conf.blk)) {
6a8a685c
RS		 2158 scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED));
2159 return 0;
2160 }
e93176d5 2161 DPRINTF("Write %s(sector %" PRId64 ", count %u)\n",
2dd791b6
HR		 2162 (command & 0xe) == 0xe ? "And Verify " : "",
2163 r->req.cmd.lba, len);
96bdbbab
RS		 2164 if (r->req.cmd.buf[1] & 0xe0) {
2165 goto illegal_request;
2166 }
444bc908 2167 if (!check_lba_range(s, r->req.cmd.lba, len)) {
274fb0e1 2168 goto illegal_lba;
f01b5931 2169 }
69377307
PB		 2170 r->sector = r->req.cmd.lba * (s->qdev.blocksize / 512);
2171 r->sector_count = len * (s->qdev.blocksize / 512);
2e5d83bb 2172 break;
101aa85f 2173 default:
b08d0ea0 2174 abort();
96bdbbab
RS		 2175 illegal_request:
2176 scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
2177 return 0;
274fb0e1 2178 illegal_lba:
b45ef674 2179 scsi_check_condition(r, SENSE_CODE(LBA_OUT_OF_RANGE));
274fb0e1 2180 return 0;
2e5d83bb 2181 }
94f8ba11 2182 r->need_fua_emulation = sdc->need_fua_emulation(&r->req.cmd);
b08d0ea0 2183 if (r->sector_count == 0) {
b45ef674 2184 scsi_req_complete(&r->req, GOOD);
a917d384 2185 }
b08d0ea0 2186 assert(r->iov.iov_len == 0);
efb9ee02 2187 if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
b08d0ea0 2188 return -r->sector_count * 512;
a917d384 2189 } else {
b08d0ea0 2190 return r->sector_count * 512;
2e5d83bb 2191 }
2e5d83bb
PB		 2192}
2193
e9447f35
JK		 2194static void scsi_disk_reset(DeviceState *dev)
2195{
2196 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev.qdev, dev);
2197 uint64_t nb_sectors;
2198
c7b48872 2199 scsi_device_purge_requests(&s->qdev, SENSE_CODE(RESET));
e9447f35 2200
4be74634 2201 blk_get_geometry(s->qdev.conf.blk, &nb_sectors);
69377307 2202 nb_sectors /= s->qdev.blocksize / 512;
e9447f35
JK		 2203 if (nb_sectors) {
2204 nb_sectors--;
2205 }
7877903a 2206 s->qdev.max_lba = nb_sectors;
7721c7f7
PH		 2207 /* reset tray statuses */
2208 s->tray_locked = 0;
2209 s->tray_open = 0;
e9447f35
JK		 2210}
2211
aaebacef
PB		 2212static void scsi_disk_resize_cb(void *opaque)
2213{
2214 SCSIDiskState *s = opaque;
2215
2216 /* SPC lists this sense code as available only for
2217 * direct-access devices.
2218 */
2219 if (s->qdev.type == TYPE_DISK) {
53200fad 2220 scsi_device_report_change(&s->qdev, SENSE_CODE(CAPACITY_CHANGED));
aaebacef
PB		 2221 }
2222}
2223
7d4b4ba5 2224static void scsi_cd_change_media_cb(void *opaque, bool load)
2c6942fa 2225{
8a9c16f6
PB		 2226 SCSIDiskState *s = opaque;
2227
2228 /*
2229 * When a CD gets changed, we have to report an ejected state and
2230 * then a loaded state to guests so that they detect tray
2231 * open/close and media change events. Guests that do not use
2232 * GET_EVENT_STATUS_NOTIFICATION to detect such tray open/close
2233 * states rely on this behavior.
2234 *
2235 * media_changed governs the state machine used for unit attention
2236 * report. media_event is used by GET EVENT STATUS NOTIFICATION.
2237 */
2238 s->media_changed = load;
2239 s->tray_open = !load;
e48e84ea 2240 scsi_device_set_ua(&s->qdev, SENSE_CODE(UNIT_ATTENTION_NO_MEDIUM));
3c2f7c12 2241 s->media_event = true;
4480de19
PB		 2242 s->eject_request = false;
2243}
2244
2245static void scsi_cd_eject_request_cb(void *opaque, bool force)
2246{
2247 SCSIDiskState *s = opaque;
2248
2249 s->eject_request = true;
2250 if (force) {
2251 s->tray_locked = false;
2252 }
2c6942fa
MA		 2253}
2254
e4def80b
MA		 2255static bool scsi_cd_is_tray_open(void *opaque)
2256{
2257 return ((SCSIDiskState *)opaque)->tray_open;
2258}
2259
f107639a
MA		 2260static bool scsi_cd_is_medium_locked(void *opaque)
2261{
2262 return ((SCSIDiskState *)opaque)->tray_locked;
2263}
2264
aaebacef 2265static const BlockDevOps scsi_disk_removable_block_ops = {
2c6942fa 2266 .change_media_cb = scsi_cd_change_media_cb,
4480de19 2267 .eject_request_cb = scsi_cd_eject_request_cb,
e4def80b 2268 .is_tray_open = scsi_cd_is_tray_open,
f107639a 2269 .is_medium_locked = scsi_cd_is_medium_locked,
aaebacef
PB		 2270
2271 .resize_cb = scsi_disk_resize_cb,
2272};
2273
2274static const BlockDevOps scsi_disk_block_ops = {
2275 .resize_cb = scsi_disk_resize_cb,
f107639a
MA		 2276};
2277
8a9c16f6
PB		 2278static void scsi_disk_unit_attention_reported(SCSIDevice *dev)
2279{
2280 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2281 if (s->media_changed) {
2282 s->media_changed = false;
e48e84ea 2283 scsi_device_set_ua(&s->qdev, SENSE_CODE(MEDIUM_CHANGED));
8a9c16f6
PB		 2284 }
2285}
2286
a818a4b6 2287static void scsi_realize(SCSIDevice *dev, Error **errp)
2e5d83bb 2288{
d52affa7 2289 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
5ff5efb4 2290 Error *err = NULL;
2e5d83bb 2291
4be74634 2292 if (!s->qdev.conf.blk) {
a818a4b6
FZ		 2293 error_setg(errp, "drive property not set");
2294 return;
d52affa7
GH		 2295 }
2296
bfe3d7ac 2297 if (!(s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
4be74634 2298 !blk_is_inserted(s->qdev.conf.blk)) {
a818a4b6
FZ		 2299 error_setg(errp, "Device needs media, but drive is empty");
2300 return;
98f28ad7
MA		 2301 }
2302
911525db 2303 blkconf_serial(&s->qdev.conf, &s->serial);
0eb28a42 2304 blkconf_blocksizes(&s->qdev.conf);
5ff5efb4
FZ		 2305 if (dev->type == TYPE_DISK) {
2306 blkconf_geometry(&dev->conf, NULL, 65535, 255, 255, &err);
2307 if (err) {
a818a4b6
FZ		 2308 error_propagate(errp, err);
2309 return;
5ff5efb4 2310 }
b7eb0c9f 2311 }
f6166a06 2312 blkconf_apply_backend_options(&dev->conf);
a0fef654 2313
215e47b9
PB		 2314 if (s->qdev.conf.discard_granularity == -1) {
2315 s->qdev.conf.discard_granularity =
2316 MAX(s->qdev.conf.logical_block_size, DEFAULT_DISCARD_GRANULARITY);
2317 }
2318
552fee93 2319 if (!s->version) {
35c2c8dc 2320 s->version = g_strdup(qemu_hw_version());
552fee93 2321 }
353815aa
DF		 2322 if (!s->vendor) {
2323 s->vendor = g_strdup("QEMU");
2324 }
552fee93 2325
4be74634 2326 if (blk_is_sg(s->qdev.conf.blk)) {
a818a4b6
FZ		 2327 error_setg(errp, "unwanted /dev/sg*");
2328 return;
32bb404a
MA		 2329 }
2330
18e673b8
PH		 2331 if ((s->features & (1 << SCSI_DISK_F_REMOVABLE)) &&
2332 !(s->features & (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS))) {
4be74634 2333 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_removable_block_ops, s);
aaebacef 2334 } else {
4be74634 2335 blk_set_dev_ops(s->qdev.conf.blk, &scsi_disk_block_ops, s);
2e5d83bb 2336 }
4be74634 2337 blk_set_guest_block_size(s->qdev.conf.blk, s->qdev.blocksize);
8cfacf07 2338
4be74634 2339 blk_iostatus_enable(s->qdev.conf.blk);
d52affa7
GH		 2340}
2341
a818a4b6 2342static void scsi_hd_realize(SCSIDevice *dev, Error **errp)
b443ae67 2343{
e39be482 2344 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
df1d4c34
ET		 2345 /* can happen for devices without drive. The error message for missing
2346 * backend will be issued in scsi_realize
2347 */
2348 if (s->qdev.conf.blk) {
2349 blkconf_blocksizes(&s->qdev.conf);
2350 }
e39be482
PB		 2351 s->qdev.blocksize = s->qdev.conf.logical_block_size;
2352 s->qdev.type = TYPE_DISK;
353815aa
DF		 2353 if (!s->product) {
2354 s->product = g_strdup("QEMU HARDDISK");
2355 }
a818a4b6 2356 scsi_realize(&s->qdev, errp);
b443ae67
MA		 2357}
2358
a818a4b6 2359static void scsi_cd_realize(SCSIDevice *dev, Error **errp)
b443ae67 2360{
e39be482
PB		 2361 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2362 s->qdev.blocksize = 2048;
2363 s->qdev.type = TYPE_ROM;
bfe3d7ac 2364 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
353815aa
DF		 2365 if (!s->product) {
2366 s->product = g_strdup("QEMU CD-ROM");
2367 }
a818a4b6 2368 scsi_realize(&s->qdev, errp);
b443ae67
MA		 2369}
2370
a818a4b6 2371static void scsi_disk_realize(SCSIDevice *dev, Error **errp)
b443ae67 2372{
95b5edcd 2373 DriveInfo *dinfo;
a818a4b6 2374 Error *local_err = NULL;
b443ae67 2375
4be74634 2376 if (!dev->conf.blk) {
a818a4b6
FZ		 2377 scsi_realize(dev, &local_err);
2378 assert(local_err);
2379 error_propagate(errp, local_err);
2380 return;
b443ae67
MA		 2381 }
2382
4be74634 2383 dinfo = blk_legacy_dinfo(dev->conf.blk);
26f8b3a8 2384 if (dinfo && dinfo->media_cd) {
a818a4b6 2385 scsi_cd_realize(dev, errp);
e39be482 2386 } else {
a818a4b6 2387 scsi_hd_realize(dev, errp);
e39be482 2388 }
b443ae67
MA		 2389}
2390
b08d0ea0 2391static const SCSIReqOps scsi_disk_emulate_reqops = {
8dbd4574 2392 .size = sizeof(SCSIDiskReq),
12010e7b 2393 .free_req = scsi_free_request,
b08d0ea0 2394 .send_command = scsi_disk_emulate_command,
314a3299
PB		 2395 .read_data = scsi_disk_emulate_read_data,
2396 .write_data = scsi_disk_emulate_write_data,
b08d0ea0
PB		 2397 .get_buf = scsi_get_buf,
2398};
2399
2400static const SCSIReqOps scsi_disk_dma_reqops = {
2401 .size = sizeof(SCSIDiskReq),
2402 .free_req = scsi_free_request,
2403 .send_command = scsi_disk_dma_command,
12010e7b
PB		 2404 .read_data = scsi_read_data,
2405 .write_data = scsi_write_data,
12010e7b 2406 .get_buf = scsi_get_buf,
43b978b9
PB		 2407 .load_request = scsi_disk_load_request,
2408 .save_request = scsi_disk_save_request,
8dbd4574
PB		 2409};
2410
b08d0ea0
PB		 2411static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = {
2412 [TEST_UNIT_READY] = &scsi_disk_emulate_reqops,
2413 [INQUIRY] = &scsi_disk_emulate_reqops,
2414 [MODE_SENSE] = &scsi_disk_emulate_reqops,
2415 [MODE_SENSE_10] = &scsi_disk_emulate_reqops,
2416 [START_STOP] = &scsi_disk_emulate_reqops,
2417 [ALLOW_MEDIUM_REMOVAL] = &scsi_disk_emulate_reqops,
2418 [READ_CAPACITY_10] = &scsi_disk_emulate_reqops,
2419 [READ_TOC] = &scsi_disk_emulate_reqops,
2420 [READ_DVD_STRUCTURE] = &scsi_disk_emulate_reqops,
2421 [READ_DISC_INFORMATION] = &scsi_disk_emulate_reqops,
2422 [GET_CONFIGURATION] = &scsi_disk_emulate_reqops,
2423 [GET_EVENT_STATUS_NOTIFICATION] = &scsi_disk_emulate_reqops,
2424 [MECHANISM_STATUS] = &scsi_disk_emulate_reqops,
2425 [SERVICE_ACTION_IN_16] = &scsi_disk_emulate_reqops,
2426 [REQUEST_SENSE] = &scsi_disk_emulate_reqops,
2427 [SYNCHRONIZE_CACHE] = &scsi_disk_emulate_reqops,
2428 [SEEK_10] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2429 [MODE_SELECT] = &scsi_disk_emulate_reqops,
2430 [MODE_SELECT_10] = &scsi_disk_emulate_reqops,
5222aaf2 2431 [UNMAP] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2432 [WRITE_SAME_10] = &scsi_disk_emulate_reqops,
2433 [WRITE_SAME_16] = &scsi_disk_emulate_reqops,
d97e7730
PB		 2434 [VERIFY_10] = &scsi_disk_emulate_reqops,
2435 [VERIFY_12] = &scsi_disk_emulate_reqops,
2436 [VERIFY_16] = &scsi_disk_emulate_reqops,
b08d0ea0
PB		 2437
2438 [READ_6] = &scsi_disk_dma_reqops,
2439 [READ_10] = &scsi_disk_dma_reqops,
2440 [READ_12] = &scsi_disk_dma_reqops,
2441 [READ_16] = &scsi_disk_dma_reqops,
b08d0ea0
PB		 2442 [WRITE_6] = &scsi_disk_dma_reqops,
2443 [WRITE_10] = &scsi_disk_dma_reqops,
2444 [WRITE_12] = &scsi_disk_dma_reqops,
2445 [WRITE_16] = &scsi_disk_dma_reqops,
2446 [WRITE_VERIFY_10] = &scsi_disk_dma_reqops,
2447 [WRITE_VERIFY_12] = &scsi_disk_dma_reqops,
2448 [WRITE_VERIFY_16] = &scsi_disk_dma_reqops,
2449};
2450
63db0f0e
PB		 2451static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
2452 uint8_t *buf, void *hba_private)
8dbd4574
PB		 2453{
2454 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2455 SCSIRequest *req;
b08d0ea0
PB		 2456 const SCSIReqOps *ops;
2457 uint8_t command;
8dbd4574 2458
79fb50bb
PB		 2459 command = buf[0];
2460 ops = scsi_disk_reqops_dispatch[command];
2461 if (!ops) {
2462 ops = &scsi_disk_emulate_reqops;
2463 }
2464 req = scsi_req_alloc(ops, &s->qdev, tag, lun, hba_private);
2465
b08d0ea0 2466#ifdef DEBUG_SCSI
79fb50bb 2467 DPRINTF("Command: lun=%d tag=0x%x data=0x%02x", lun, tag, buf[0]);
b08d0ea0
PB		 2468 {
2469 int i;
1894df02 2470 for (i = 1; i < scsi_cdb_length(buf); i++) {
b08d0ea0
PB		 2471 printf(" 0x%02x", buf[i]);
2472 }
2473 printf("\n");
2474 }
2475#endif
2476
8dbd4574
PB		 2477 return req;
2478}
2479
336a6915
PB		 2480#ifdef __linux__
2481static int get_device_type(SCSIDiskState *s)
2482{
336a6915
PB		 2483 uint8_t cmd[16];
2484 uint8_t buf[36];
2485 uint8_t sensebuf[8];
2486 sg_io_hdr_t io_header;
2487 int ret;
2488
2489 memset(cmd, 0, sizeof(cmd));
2490 memset(buf, 0, sizeof(buf));
2491 cmd[0] = INQUIRY;
2492 cmd[4] = sizeof(buf);
2493
2494 memset(&io_header, 0, sizeof(io_header));
2495 io_header.interface_id = 'S';
2496 io_header.dxfer_direction = SG_DXFER_FROM_DEV;
2497 io_header.dxfer_len = sizeof(buf);
2498 io_header.dxferp = buf;
2499 io_header.cmdp = cmd;
2500 io_header.cmd_len = sizeof(cmd);
2501 io_header.mx_sb_len = sizeof(sensebuf);
2502 io_header.sbp = sensebuf;
2503 io_header.timeout = 6000; /* XXX */
2504
4be74634 2505 ret = blk_ioctl(s->qdev.conf.blk, SG_IO, &io_header);
336a6915
PB		 2506 if (ret < 0 || io_header.driver_status || io_header.host_status) {
2507 return -1;
2508 }
2509 s->qdev.type = buf[0];
bfe3d7ac
PB		 2510 if (buf[1] & 0x80) {
2511 s->features |= 1 << SCSI_DISK_F_REMOVABLE;
2512 }
336a6915
PB		 2513 return 0;
2514}
2515
a818a4b6 2516static void scsi_block_realize(SCSIDevice *dev, Error **errp)
336a6915
PB		 2517{
2518 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, dev);
2519 int sg_version;
2520 int rc;
2521
4be74634 2522 if (!s->qdev.conf.blk) {
a818a4b6
FZ		 2523 error_setg(errp, "drive property not set");
2524 return;
336a6915
PB		 2525 }
2526
2527 /* check we are using a driver managing SG_IO (version 3 and after) */
4be74634 2528 rc = blk_ioctl(s->qdev.conf.blk, SG_GET_VERSION_NUM, &sg_version);
4bbeb8b1 2529 if (rc < 0) {
a818a4b6 2530 error_setg(errp, "cannot get SG_IO version number: %s. "
6ee143a0 2531 "Is this a SCSI device?",
4bbeb8b1 2532 strerror(-rc));
a818a4b6 2533 return;
4bbeb8b1
FZ		 2534 }
2535 if (sg_version < 30000) {
a818a4b6
FZ		 2536 error_setg(errp, "scsi generic interface too old");
2537 return;
336a6915
PB		 2538 }
2539
2540 /* get device type from INQUIRY data */
2541 rc = get_device_type(s);
2542 if (rc < 0) {
a818a4b6
FZ		 2543 error_setg(errp, "INQUIRY failed");
2544 return;
336a6915
PB		 2545 }
2546
2547 /* Make a guess for the block size, we'll fix it when the guest sends.
2548 * READ CAPACITY. If they don't, they likely would assume these sizes
2549 * anyway. (TODO: check in /sys).
2550 */
2551 if (s->qdev.type == TYPE_ROM || s->qdev.type == TYPE_WORM) {
2552 s->qdev.blocksize = 2048;
2553 } else {
2554 s->qdev.blocksize = 512;
2555 }
18e673b8
PH		 2556
2557 /* Makes the scsi-block device not removable by using HMP and QMP eject
2558 * command.
2559 */
2560 s->features |= (1 << SCSI_DISK_F_NO_REMOVABLE_DEVOPS);
2561
a818a4b6 2562 scsi_realize(&s->qdev, errp);
9fd7e859 2563 scsi_generic_read_device_identification(&s->qdev);
336a6915
PB		 2564}
2565
8fdc7839
PB		 2566typedef struct SCSIBlockReq {
2567 SCSIDiskReq req;
2568 sg_io_hdr_t io_header;
2569
2570 /* Selected bytes of the original CDB, copied into our own CDB. */
2571 uint8_t cmd, cdb1, group_number;
2572
2573 /* CDB passed to SG_IO. */
2574 uint8_t cdb[16];
2575} SCSIBlockReq;
2576
2577static BlockAIOCB *scsi_block_do_sgio(SCSIBlockReq *req,
2578 int64_t offset, QEMUIOVector *iov,
2579 int direction,
2580 BlockCompletionFunc *cb, void *opaque)
2581{
2582 sg_io_hdr_t *io_header = &req->io_header;
2583 SCSIDiskReq *r = &req->req;
2584 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2585 int nb_logical_blocks;
2586 uint64_t lba;
2587 BlockAIOCB *aiocb;
2588
2589 /* This is not supported yet. It can only happen if the guest does
2590 * reads and writes that are not aligned to one logical sectors
2591 * _and_ cover multiple MemoryRegions.
2592 */
2593 assert(offset % s->qdev.blocksize == 0);
2594 assert(iov->size % s->qdev.blocksize == 0);
2595
2596 io_header->interface_id = 'S';
2597
2598 /* The data transfer comes from the QEMUIOVector. */
2599 io_header->dxfer_direction = direction;
2600 io_header->dxfer_len = iov->size;
2601 io_header->dxferp = (void *)iov->iov;
2602 io_header->iovec_count = iov->niov;
2603 assert(io_header->iovec_count == iov->niov); /* no overflow! */
2604
2605 /* Build a new CDB with the LBA and length patched in, in case
2606 * DMA helpers split the transfer in multiple segments. Do not
2607 * build a CDB smaller than what the guest wanted, and only build
2608 * a larger one if strictly necessary.
2609 */
2610 io_header->cmdp = req->cdb;
2611 lba = offset / s->qdev.blocksize;
2612 nb_logical_blocks = io_header->dxfer_len / s->qdev.blocksize;
2613
2614 if ((req->cmd >> 5) == 0 && lba <= 0x1ffff) {
2615 /* 6-byte CDB */
2616 stl_be_p(&req->cdb[0], lba | (req->cmd << 24));
2617 req->cdb[4] = nb_logical_blocks;
2618 req->cdb[5] = 0;
2619 io_header->cmd_len = 6;
2620 } else if ((req->cmd >> 5) <= 1 && lba <= 0xffffffffULL) {
2621 /* 10-byte CDB */
2622 req->cdb[0] = (req->cmd & 0x1f) | 0x20;
2623 req->cdb[1] = req->cdb1;
2624 stl_be_p(&req->cdb[2], lba);
2625 req->cdb[6] = req->group_number;
2626 stw_be_p(&req->cdb[7], nb_logical_blocks);
2627 req->cdb[9] = 0;
2628 io_header->cmd_len = 10;
2629 } else if ((req->cmd >> 5) != 4 && lba <= 0xffffffffULL) {
2630 /* 12-byte CDB */
2631 req->cdb[0] = (req->cmd & 0x1f) | 0xA0;
2632 req->cdb[1] = req->cdb1;
2633 stl_be_p(&req->cdb[2], lba);
2634 stl_be_p(&req->cdb[6], nb_logical_blocks);
2635 req->cdb[10] = req->group_number;
2636 req->cdb[11] = 0;
2637 io_header->cmd_len = 12;
2638 } else {
2639 /* 16-byte CDB */
2640 req->cdb[0] = (req->cmd & 0x1f) | 0x80;
2641 req->cdb[1] = req->cdb1;
2642 stq_be_p(&req->cdb[2], lba);
2643 stl_be_p(&req->cdb[10], nb_logical_blocks);
2644 req->cdb[14] = req->group_number;
2645 req->cdb[15] = 0;
2646 io_header->cmd_len = 16;
2647 }
2648
2649 /* The rest is as in scsi-generic.c. */
2650 io_header->mx_sb_len = sizeof(r->req.sense);
2651 io_header->sbp = r->req.sense;
2652 io_header->timeout = UINT_MAX;
2653 io_header->usr_ptr = r;
2654 io_header->flags |= SG_FLAG_DIRECT_IO;
2655
2656 aiocb = blk_aio_ioctl(s->qdev.conf.blk, SG_IO, io_header, cb, opaque);
2657 assert(aiocb != NULL);
2658 return aiocb;
2659}
2660
2661static bool scsi_block_no_fua(SCSICommand *cmd)
2662{
2663 return false;
2664}
2665
2666static BlockAIOCB *scsi_block_dma_readv(int64_t offset,
2667 QEMUIOVector *iov,
2668 BlockCompletionFunc *cb, void *cb_opaque,
2669 void *opaque)
2670{
2671 SCSIBlockReq *r = opaque;
2672 return scsi_block_do_sgio(r, offset, iov,
2673 SG_DXFER_FROM_DEV, cb, cb_opaque);
2674}
2675
2676static BlockAIOCB *scsi_block_dma_writev(int64_t offset,
2677 QEMUIOVector *iov,
2678 BlockCompletionFunc *cb, void *cb_opaque,
2679 void *opaque)
2680{
2681 SCSIBlockReq *r = opaque;
2682 return scsi_block_do_sgio(r, offset, iov,
2683 SG_DXFER_TO_DEV, cb, cb_opaque);
2684}
2685
592c3b28 2686static bool scsi_block_is_passthrough(SCSIDiskState *s, uint8_t *buf)
336a6915 2687{
336a6915 2688 switch (buf[0]) {
8fdc7839
PB		 2689 case VERIFY_10:
2690 case VERIFY_12:
2691 case VERIFY_16:
2692 /* Check if BYTCHK == 0x01 (data-out buffer contains data
2693 * for the number of logical blocks specified in the length
2694 * field). For other modes, do not use scatter/gather operation.
2695 */
2696 if ((buf[1] & 6) != 2) {
2697 return false;
2698 }
2699 break;
2700
336a6915
PB		 2701 case READ_6:
2702 case READ_10:
2703 case READ_12:
2704 case READ_16:
2705 case WRITE_6:
2706 case WRITE_10:
2707 case WRITE_12:
2708 case WRITE_16:
2709 case WRITE_VERIFY_10:
2710 case WRITE_VERIFY_12:
2711 case WRITE_VERIFY_16:
8fdc7839 2712 /* MMC writing cannot be done via DMA helpers, because it sometimes
33ebad12 2713 * involves writing beyond the maximum LBA or to negative LBA (lead-in).
b08d0ea0 2714 * We might use scsi_disk_dma_reqops as long as no writing commands are
33ebad12
PB		 2715 * seen, but performance usually isn't paramount on optical media. So,
2716 * just make scsi-block operate the same as scsi-generic for them.
2717 */
b08d0ea0 2718 if (s->qdev.type != TYPE_ROM) {
592c3b28 2719 return false;
b08d0ea0 2720 }
592c3b28
PB		 2721 break;
2722
2723 default:
2724 break;
336a6915
PB		 2725 }
2726
592c3b28
PB		 2727 return true;
2728}
2729
2730
8fdc7839
PB		 2731static int32_t scsi_block_dma_command(SCSIRequest *req, uint8_t *buf)
2732{
2733 SCSIBlockReq *r = (SCSIBlockReq *)req;
2734 r->cmd = req->cmd.buf[0];
2735 switch (r->cmd >> 5) {
2736 case 0:
2737 /* 6-byte CDB. */
2738 r->cdb1 = r->group_number = 0;
2739 break;
2740 case 1:
2741 /* 10-byte CDB. */
2742 r->cdb1 = req->cmd.buf[1];
2743 r->group_number = req->cmd.buf[6];
ed45cae3 2744 break;
8fdc7839
PB		 2745 case 4:
2746 /* 12-byte CDB. */
2747 r->cdb1 = req->cmd.buf[1];
2748 r->group_number = req->cmd.buf[10];
2749 break;
2750 case 5:
2751 /* 16-byte CDB. */
2752 r->cdb1 = req->cmd.buf[1];
2753 r->group_number = req->cmd.buf[14];
2754 break;
2755 default:
2756 abort();
2757 }
2758
2759 if (r->cdb1 & 0xe0) {
2760 /* Protection information is not supported. */
2761 scsi_check_condition(&r->req, SENSE_CODE(INVALID_FIELD));
2762 return 0;
2763 }
2764
2765 r->req.status = &r->io_header.status;
2766 return scsi_disk_dma_command(req, buf);
2767}
2768
2769static const SCSIReqOps scsi_block_dma_reqops = {
2770 .size = sizeof(SCSIBlockReq),
2771 .free_req = scsi_free_request,
2772 .send_command = scsi_block_dma_command,
2773 .read_data = scsi_read_data,
2774 .write_data = scsi_write_data,
2775 .get_buf = scsi_get_buf,
2776 .load_request = scsi_disk_load_request,
2777 .save_request = scsi_disk_save_request,
2778};
2779
592c3b28
PB		 2780static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag,
2781 uint32_t lun, uint8_t *buf,
2782 void *hba_private)
2783{
2784 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2785
2786 if (scsi_block_is_passthrough(s, buf)) {
2787 return scsi_req_alloc(&scsi_generic_req_ops, &s->qdev, tag, lun,
2788 hba_private);
2789 } else {
8fdc7839 2790 return scsi_req_alloc(&scsi_block_dma_reqops, &s->qdev, tag, lun,
592c3b28
PB		 2791 hba_private);
2792 }
336a6915 2793}
3e7e180a
PB		 2794
2795static int scsi_block_parse_cdb(SCSIDevice *d, SCSICommand *cmd,
2796 uint8_t *buf, void *hba_private)
2797{
2798 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, d);
2799
2800 if (scsi_block_is_passthrough(s, buf)) {
2801 return scsi_bus_parse_cdb(&s->qdev, cmd, buf, hba_private);
2802 } else {
2803 return scsi_req_parse_cdb(&s->qdev, cmd, buf);
2804 }
2805}
2806
336a6915
PB		 2807#endif
2808
fcaafb10
PB		 2809static
2810BlockAIOCB *scsi_dma_readv(int64_t offset, QEMUIOVector *iov,
2811 BlockCompletionFunc *cb, void *cb_opaque,
2812 void *opaque)
2813{
2814 SCSIDiskReq *r = opaque;
2815 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2816 return blk_aio_preadv(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2817}
2818
2819static
2820BlockAIOCB *scsi_dma_writev(int64_t offset, QEMUIOVector *iov,
2821 BlockCompletionFunc *cb, void *cb_opaque,
2822 void *opaque)
2823{
2824 SCSIDiskReq *r = opaque;
2825 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
2826 return blk_aio_pwritev(s->qdev.conf.blk, offset, iov, 0, cb, cb_opaque);
2827}
2828
993935f3
PB		 2829static void scsi_disk_base_class_initfn(ObjectClass *klass, void *data)
2830{
2831 DeviceClass *dc = DEVICE_CLASS(klass);
fcaafb10 2832 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
993935f3
PB		 2833
2834 dc->fw_name = "disk";
2835 dc->reset = scsi_disk_reset;
fcaafb10
PB		 2836 sdc->dma_readv = scsi_dma_readv;
2837 sdc->dma_writev = scsi_dma_writev;
94f8ba11 2838 sdc->need_fua_emulation = scsi_is_cmd_fua;
993935f3
PB		 2839}
2840
2841static const TypeInfo scsi_disk_base_info = {
2842 .name = TYPE_SCSI_DISK_BASE,
2843 .parent = TYPE_SCSI_DEVICE,
2844 .class_init = scsi_disk_base_class_initfn,
2845 .instance_size = sizeof(SCSIDiskState),
fcaafb10 2846 .class_size = sizeof(SCSIDiskClass),
6214a11a 2847 .abstract = true,
993935f3
PB		 2848};
2849
353815aa
DF		 2850#define DEFINE_SCSI_DISK_PROPERTIES() \
2851 DEFINE_BLOCK_PROPERTIES(SCSIDiskState, qdev.conf), \
8c398252 2852 DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf), \
353815aa
DF		 2853 DEFINE_PROP_STRING("ver", SCSIDiskState, version), \
2854 DEFINE_PROP_STRING("serial", SCSIDiskState, serial), \
2855 DEFINE_PROP_STRING("vendor", SCSIDiskState, vendor), \
2856 DEFINE_PROP_STRING("product", SCSIDiskState, product)
b443ae67 2857
39bffca2
AL		 2858static Property scsi_hd_properties[] = {
2859 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2860 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2861 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2862 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2863 SCSI_DISK_F_DPOFUA, false),
2ecab408
PB		 2864 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2865 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 2866 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
8a1bd297
PB		 2867 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2868 DEFAULT_MAX_UNMAP_SIZE),
f8e1f533
PB		 2869 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2870 DEFAULT_MAX_IO_SIZE),
d252df48 2871 DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf),
39bffca2
AL		 2872 DEFINE_PROP_END_OF_LIST(),
2873};
2874
43b978b9
PB		 2875static const VMStateDescription vmstate_scsi_disk_state = {
2876 .name = "scsi-disk",
2877 .version_id = 1,
2878 .minimum_version_id = 1,
43b978b9
PB		 2879 .fields = (VMStateField[]) {
2880 VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
2881 VMSTATE_BOOL(media_changed, SCSIDiskState),
2882 VMSTATE_BOOL(media_event, SCSIDiskState),
2883 VMSTATE_BOOL(eject_request, SCSIDiskState),
2884 VMSTATE_BOOL(tray_open, SCSIDiskState),
2885 VMSTATE_BOOL(tray_locked, SCSIDiskState),
2886 VMSTATE_END_OF_LIST()
2887 }
2888};
2889
b9eea3e6
AL		 2890static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
2891{
39bffca2 2892 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2893 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2894
a818a4b6 2895 sc->realize = scsi_hd_realize;
b9eea3e6
AL		 2896 sc->alloc_req = scsi_new_request;
2897 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2 2898 dc->desc = "virtual SCSI disk";
39bffca2 2899 dc->props = scsi_hd_properties;
43b978b9 2900 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2901}
2902
8c43a6f0 2903static const TypeInfo scsi_hd_info = {
39bffca2 2904 .name = "scsi-hd",
993935f3 2905 .parent = TYPE_SCSI_DISK_BASE,
39bffca2
AL		 2906 .class_init = scsi_hd_class_initfn,
2907};
2908
2909static Property scsi_cd_properties[] = {
2910 DEFINE_SCSI_DISK_PROPERTIES(),
2ecab408
PB		 2911 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2912 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 2913 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
f8e1f533
PB		 2914 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2915 DEFAULT_MAX_IO_SIZE),
39bffca2 2916 DEFINE_PROP_END_OF_LIST(),
b9eea3e6
AL		 2917};
2918
2919static void scsi_cd_class_initfn(ObjectClass *klass, void *data)
2920{
39bffca2 2921 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2922 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2923
a818a4b6 2924 sc->realize = scsi_cd_realize;
b9eea3e6
AL		 2925 sc->alloc_req = scsi_new_request;
2926 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2 2927 dc->desc = "virtual SCSI CD-ROM";
39bffca2 2928 dc->props = scsi_cd_properties;
43b978b9 2929 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2930}
2931
8c43a6f0 2932static const TypeInfo scsi_cd_info = {
39bffca2 2933 .name = "scsi-cd",
993935f3 2934 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 2935 .class_init = scsi_cd_class_initfn,
b9eea3e6
AL		 2936};
2937
336a6915 2938#ifdef __linux__
39bffca2 2939static Property scsi_block_properties[] = {
4be74634 2940 DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
39bffca2
AL		 2941 DEFINE_PROP_END_OF_LIST(),
2942};
2943
b9eea3e6
AL		 2944static void scsi_block_class_initfn(ObjectClass *klass, void *data)
2945{
39bffca2 2946 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6 2947 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
8fdc7839 2948 SCSIDiskClass *sdc = SCSI_DISK_BASE_CLASS(klass);
b9eea3e6 2949
a818a4b6 2950 sc->realize = scsi_block_realize;
b9eea3e6 2951 sc->alloc_req = scsi_block_new_request;
3e7e180a 2952 sc->parse_cdb = scsi_block_parse_cdb;
8fdc7839
PB		 2953 sdc->dma_readv = scsi_block_dma_readv;
2954 sdc->dma_writev = scsi_block_dma_writev;
2955 sdc->need_fua_emulation = scsi_block_no_fua;
39bffca2 2956 dc->desc = "SCSI block device passthrough";
39bffca2 2957 dc->props = scsi_block_properties;
43b978b9 2958 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2959}
2960
8c43a6f0 2961static const TypeInfo scsi_block_info = {
39bffca2 2962 .name = "scsi-block",
993935f3 2963 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 2964 .class_init = scsi_block_class_initfn,
b9eea3e6 2965};
336a6915 2966#endif
b9eea3e6 2967
39bffca2
AL		 2968static Property scsi_disk_properties[] = {
2969 DEFINE_SCSI_DISK_PROPERTIES(),
bfe3d7ac
PB		 2970 DEFINE_PROP_BIT("removable", SCSIDiskState, features,
2971 SCSI_DISK_F_REMOVABLE, false),
da8365db
PB		 2972 DEFINE_PROP_BIT("dpofua", SCSIDiskState, features,
2973 SCSI_DISK_F_DPOFUA, false),
2ecab408
PB		 2974 DEFINE_PROP_UINT64("wwn", SCSIDiskState, qdev.wwn, 0),
2975 DEFINE_PROP_UINT64("port_wwn", SCSIDiskState, qdev.port_wwn, 0),
64cc2284 2976 DEFINE_PROP_UINT16("port_index", SCSIDiskState, port_index, 0),
8a1bd297
PB		 2977 DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size,
2978 DEFAULT_MAX_UNMAP_SIZE),
f8e1f533
PB		 2979 DEFINE_PROP_UINT64("max_io_size", SCSIDiskState, max_io_size,
2980 DEFAULT_MAX_IO_SIZE),
39bffca2
AL		 2981 DEFINE_PROP_END_OF_LIST(),
2982};
2983
b9eea3e6
AL		 2984static void scsi_disk_class_initfn(ObjectClass *klass, void *data)
2985{
39bffca2 2986 DeviceClass *dc = DEVICE_CLASS(klass);
b9eea3e6
AL		 2987 SCSIDeviceClass *sc = SCSI_DEVICE_CLASS(klass);
2988
a818a4b6 2989 sc->realize = scsi_disk_realize;
b9eea3e6
AL		 2990 sc->alloc_req = scsi_new_request;
2991 sc->unit_attention_reported = scsi_disk_unit_attention_reported;
39bffca2
AL		 2992 dc->fw_name = "disk";
2993 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
2994 dc->reset = scsi_disk_reset;
2995 dc->props = scsi_disk_properties;
43b978b9 2996 dc->vmsd = &vmstate_scsi_disk_state;
b9eea3e6
AL		 2997}
2998
8c43a6f0 2999static const TypeInfo scsi_disk_info = {
39bffca2 3000 .name = "scsi-disk",
993935f3 3001 .parent = TYPE_SCSI_DISK_BASE,
39bffca2 3002 .class_init = scsi_disk_class_initfn,
d52affa7
GH		 3003};
3004
83f7d43a 3005static void scsi_disk_register_types(void)
d52affa7 3006{
993935f3 3007 type_register_static(&scsi_disk_base_info);
39bffca2
AL		 3008 type_register_static(&scsi_hd_info);
3009 type_register_static(&scsi_cd_info);
b9eea3e6 3010#ifdef __linux__
39bffca2 3011 type_register_static(&scsi_block_info);
b9eea3e6 3012#endif
39bffca2 3013 type_register_static(&scsi_disk_info);
8ccc2ace 3014}
83f7d43a
AF		 3015
3016type_init(scsi_disk_register_types)
Empty description
This page took 1.395976 seconds and 4 git commands to generate.